Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-22744

Опубликовано: 11 янв. 2022
Источник: redhat
CVSS3: 6.1

Описание

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.
This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-77
https://bugzilla.redhat.com/show_bug.cgi?id=2039571Mozilla: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-22744

CVSS3: 8.8
ubuntu
больше 2 лет назад

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

nvd логотип

CVE-2022-22744

CVSS3: 8.8
nvd
больше 2 лет назад

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

debian логотип

CVE-2022-22744

CVSS3: 8.8
debian
больше 2 лет назад

The constructed curl command from the "Copy as curl" feature in DevToo ...

github логотип

GHSA-4989-6q5w-wjgw

CVSS3: 8.8
github
больше 2 лет назад

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

fstec логотип

BDU:2022-00297

CVSS3: 6.8
fstec
больше 3 лет назад

Уязвимость функции «Copy as curl» в DevTools почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольные команды в системе

6.1 Medium

CVSS3