256 matches found
CVE-2021-29991
The Mozilla Foundation Security Advisory describes this flaw as: Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3...
CVE-2021-29991
Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...
UBUNTU-CVE-2021-29991
Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...
Mozilla Thunderbird < 91.0.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-37 advisory. - Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed...
Mozilla Firefox < 91.0.1
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 91.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-37 advisory. - Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for...
Mozilla Firefox < 91.0.1
The version of Firefox installed on the remote Windows host is prior to 91.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-37 advisory. - Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header...
Security Vulnerabilities fixed in Firefox 91.0.1 and Thunderbird 91.0.1 — Mozilla
Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3...
HTTP/3 and QUIC: Past, Present, and Future
You may have seen the announcements over the past two weeks -- the IETF QUIC RFCs have been published! That leads to a lot of questions, depending on how closely you've followed this space. You might be wondering what this means to you, or you might think QUIC has been an established thing for...
HTTP/3 and QUIC: Past, Present, and Future
You may have seen the announcements over the past two weeks -- the IETF QUIC RFCs have been published! That leads to a lot of questions, depending on how closely you've followed this space...
h2o -- uninitialised memory access in HTTP3
Emil Lerner reports: When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state ...
HTTP/3: Ready to Land
Hi, my name is Mike Bishop; I'm the editor of the newest version of HTTP, HTTP/3. I'm part of Foundry, a team at Akamai that focuses on new and emerging technologies that will impact the future of the web. I've been involved in web standards since the early days of HTTP/2, and most of my work has...
A QUICk Introduction to HTTP/3
HTTP/3 is the newest iteration of the HTTP protocol that improves web security and performance...
Design/Logic Flaw
On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file...
CVE-2020-5859
On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file...
CVE-2020-5859
Summary of CVE-2020-5859 (BIG-IP HTTP/3 QUIC vulnerability): The issue affects BIG-IP with the HTTP/3 QUIC profile configured, where specially formatted HTTP/3 messages may cause TMM to crash (core dump) and potentially restart, disrupting traffic processing. Impact includes temporary traffic pr...
F5 Networks BIG-IP : BIG-IP HTTP/3 QUIC vulnerability (K61367237)
Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel (TMM) to produce a core file (CVE-2020-5859). Impact: TMM may restart and temporarily fail to process traffic on BIG-IP hosts with the HTTP/3 QUIC profile configured. High availability (HA) configurations will fail over the...