CVE-2021-29991 — HTTP Request Smuggling in Mozilla Firefox

CWE-444 — HTTP Request Smuggling CWE-79 — Cross-site Scripting9 documents7 sources

Severity

8.1HIGHNVD

OSV8.8

EPSS

0.3%

top 43.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Debian Firefox

Timeline

PublishedNov 3

Latest updateMay 24

Description

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages8 packages

▶debiandebian/firefox< firefox 91.0.1-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 91.0.1

▶NVDmozilla/firefox< 91.0.1

▶Ubuntumozilla/firefox< 91.0.1+build1-0ubuntu0.18.04.1+1

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-8p2q-73gc-fxq5: Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers↗2022-05-24

▶

OSV

thunderbird vulnerabilities↗2022-01-21

▶

OSV

CVE-2021-29991: Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers↗2021-08-18

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-01-21

▶

Ubuntu

Firefox vulnerability↗2021-08-19

▶

Red Hat

Mozilla: Header Splitting possible with HTTP/3 Responses↗2021-08-18

▶

Debian

CVE-2021-29991: firefox - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as t...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-37: CVE-2021-29991↗

▶