When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2021-06-24T13:20:35
Updated: 2024-08-03T19:14:10.061Z
Reserved: 2021-01-13T00:00:00
Link: CVE-2021-24002
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-24T14:15:09.577
Modified: 2024-11-21T05:52:11.387
Link: CVE-2021-24002
Redhat