USN-5047-1: Firefox vulnerability

19 August 2021

Firefox could be made to incorrectly accept newlines in HTTP/3 response headers.

Releases

Packages

  • firefox - Mozilla Open Source web browser

Details

It was discovered that Firefox could be made to incorrectly accept
newlines in HTTP/3 response headers. If a user were tricked into
opening a specially crafted website, an attacker could exploit this
to conduct header splitting attacks.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04
Ubuntu 20.04
Ubuntu 18.04

After a standard system update you need to restart Firefox to make
all the necessary changes.

References