The Mozilla Foundation has patched a High risk vulnerability in Firefox 91.0.1.
An attacker could exploit the vulnerability to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2021-37, Firefox 91.0.1 addressed just one “Header Splitting possible with HTTP/3 Responses” vulnerability CVE-2021-29991.
“Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3.
This is the first security release since Firefox 91 was released last week, with six security fixes and a new Windows SSO feature among other privacy enhancements.
- Mozilla releases Firefox 91 with Windows SSO feature and 5 High risk security fixes
- Mozilla releases Firefox 90 with new version of SmartBlock and 9 security fixes
- Mozilla releases Firefox 89 with new privacy protections and nine security fixes
- Mozilla releases Firefox 88 with new protection against privacy leaks on the web
- Firefox 87 adds SmartBlock for Private Browsing
- Firefox 86 adds ‘Total Cookie Protection’ along with fixes for 5 High risk vulnerabilities