When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

When a user clicked on an FTP URL containing encoded newline character ...

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с ошибками при обработке символов новой строки в URL-адресе FTP, позволяющая нарушителю отправлять произвольные команды на FTP-сервер

Security update for MozillaFirefox

Security update for MozillaFirefox

Security update for MozillaFirefox

Security update for MozillaFirefox

Security update for MozillaFirefox

ELSA-2021-1363: firefox security update (IMPORTANT)

ELSA-2021-1360: firefox security update (IMPORTANT)

Security update for MozillaThunderbird

Security update for MozillaThunderbird

ELSA-2021-1353: thunderbird security update (IMPORTANT)

ELSA-2021-1350: thunderbird security update (IMPORTANT)