CVE-2022-22744
EUVD-2022-2788722.12.2022, 20:15
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 96.0 |
| mozilla | firefox_esr | 𝑥 < 91.5 |
| mozilla | thunderbird | 𝑥 < 91.5 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| firefox-esr |
| ||||||||||||
| thunderbird |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||||||||
| mozjs38 |
| ||||||||||||||||||||||
| mozjs52 |
| ||||||||||||||||||||||
| mozjs68 |
| ||||||||||||||||||||||
| mozjs78 |
| ||||||||||||||||||||||
| thunderbird |
|
References