Bug 808925 (CVE-2021-29991)

Summary:	[Tracker] HTTP/3 Header splitting in Mozilla products
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:	808927, 808933
Bug Blocks:

Description John Helmert III archtester

2021-08-18 19:56:21 UTC

"Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3."