|Number of vulnerabilities||1|
Client/Desktop applications / Web browsers
Client/Desktop applications / Messaging software
This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to the affected software incorrectly accepts a newline in a HTTP/3 header, interpretting it as two separate headers. A remote attacker can perform a header splitting attack against servers using HTTP/3.Mitigation
Install updates from vendor's website.Vulnerable software versions
Mozilla Firefox: 80.0 - 91.0
Mozilla Thunderbird: 91.0
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.