Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-4989-6q5w-wjgw

Опубликовано: 22 дек. 2022
Источник: github
Github: Не прошло ревью
CVSS3: 8.8

Описание

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.
This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.
This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Ссылки

EPSS

Процентиль: 61%
0.00414
Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-22744

Дефекты

CWE-116
CWE-77

Связанные уязвимости

ubuntu логотип

CVE-2022-22744

CVSS3: 8.8
ubuntu
больше 2 лет назад

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

redhat логотип

CVE-2022-22744

CVSS3: 6.1
redhat
больше 3 лет назад

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

nvd логотип

CVE-2022-22744

CVSS3: 8.8
nvd
больше 2 лет назад

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

debian логотип

CVE-2022-22744

CVSS3: 8.8
debian
больше 2 лет назад

The constructed curl command from the "Copy as curl" feature in DevToo ...

fstec логотип

BDU:2022-00297

CVSS3: 6.8
fstec
больше 3 лет назад

Уязвимость функции «Copy as curl» в DevTools почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольные команды в системе

EPSS

Процентиль: 61%
0.00414
Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-22744

Дефекты

CWE-116
CWE-77