When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2021-06-24T13:20:35

Updated: 2024-08-03T19:14:10.061Z

Reserved: 2021-01-13T00:00:00

Link: CVE-2021-24002

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-24T14:15:09.577

Modified: 2024-11-21T05:52:11.387

Link: CVE-2021-24002

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-04-19T00:00:00Z

Links: CVE-2021-24002 - Bugzilla