Severity
High
Analysis Summary
CVE-2021-24002
By persuading a victim to click on a specially-crafted FTP URL containing encoded newline characters (%0A and %0D), a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary commands on the vulnerable system or cause a denial of service. Mozilla Firefox could allow a remote attacker to execute arbitrary commands on the system.
Impact
- Unauthorized Access
- Command Execution
Affected Vendors
Mozilla
Affected Products
- Mozilla Thunderbird 78.9.0
- Mozila Firefox 87
- Mozilla Firefox ESR 78.9
Remediation
Refer to Mozilla Foundation Security Advisory 2021-16 for patch, upgrade or suggested workaround information.
Mozilla Foundation Security Advisory 2021-16