CVE-2021-24002

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
References
Configurations

Configuration 1

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Information

Published : 2021-06-24 02:15

Updated : 2021-07-02 05:01


NVD link : CVE-2021-24002

Mitre link : CVE-2021-24002

Products Affected
No products.
CWE