{"id":"CVE-2021-24002","details":"When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.","modified":"2026-04-16T04:34:48.062718729Z","published":"2021-06-24T14:15:09.577Z","related":["SUSE-SU-2021:1307-1","SUSE-SU-2021:1325-1","SUSE-SU-2021:1432-1","SUSE-SU-2021:1433-1","SUSE-SU-2021:14708-1","openSUSE-SU-2021:0621-1","openSUSE-SU-2021:0644-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:10601-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-14/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-15/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-16/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1702374"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"88.0"}]},{"events":[{"introduced":"0"},{"fixed":"78.10"}]},{"events":[{"introduced":"0"},{"fixed":"78.10"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24002.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}