Published: 22/12/2022 Updated: 08/08/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla firefox_esr
mozilla thunderbird

Mozilla Foundation Security Advisory 2022-01 Security Vulnerabilities fixed in Firefox 96 Announced January 11, 2022 Impact high Products Firefox Fixed in Firefox 96 ...

Mozilla Foundation Security Advisory 2022-03 Security Vulnerabilities fixed in Thunderbird 915 Announced January 11, 2022 Impact high Products Thunderbird Fixed in Thunderbird 915 ...

Mozilla Foundation Security Advisory 2022-02 Security Vulnerabilities fixed in Firefox ESR 915 Announced January 11, 2022 Impact high Products Firefox ESR Fixed in Firefox ESR 915 ...

CWE-116 https://www.mozilla.org/security/advisories/mfsa2022-02/https://www.mozilla.org/security/advisories/mfsa2022-01/https://www.mozilla.org/security/advisories/mfsa2022-03/https://bugzilla.mozilla.org/show_bug.cgi?id=1737252 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-22744

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect