CVE-2022-22744
CVSS v3.1
8.8 (High)
EPSS
0.14 % (50th)
Affected Products
4
Advisories
10
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Weaknesses
- CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2022-12-22 20:15:15
(21 months ago) - Updated Date
-
2022-12-29 20:05:04
(20 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
AND |
|
---|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...