Vulnerability Description
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 96.0 |
| Mozilla | Firefox Esr | < 91.5 |
| Mozilla | Thunderbird | < 91.5 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1737252Issue Tracking
- https://www.mozilla.org/security/advisories/mfsa2022-01/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-02/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-03/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1737252Issue Tracking
- https://www.mozilla.org/security/advisories/mfsa2022-01/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-02/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-03/Vendor Advisory
FAQ
What is CVE-2022-22744?
CVE-2022-22744 is a vulnerability with a CVSS score of 8.8 (HIGH). The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This...
How severe is CVE-2022-22744?
CVE-2022-22744 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22744?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird, Microsoft Windows.