CVE-2022-22744

Summary

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 91.5affected
MozillaFirefoxunspecified < 96affected
MozillaThunderbirdunspecified < 91.5affected

Weaknesses

  • The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References