Date
02-09-2021
Cert-In has reported that a vulnerability exists in Mozilla products due to incorrect acceptance of a newline in a HTTP/3 header, and interpreting it as two separate headers. Successful exploitation of the vulnerability could lead to header splitting attack. (Improper Neutralization of CRLF Sequences in HTTP Headers) against servers using HTTP/3.
Solution
Upgrade to Mozilla Firefox versions prior to 91.0.1 and Firefox Thunderbird version prior to 91.0.1
Vendor Information - Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/