Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. References: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/