Home > Vulnerability Database > CVE-2022-22744

Mend.io Vulnerability Database

CVE-2022-22744

Date: December 22, 2022

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Language: C

Severity Score

8.8

Related Resources (8)

Url: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/

Url: https://security.alpinelinux.org/vuln/CVE-2022-22744

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1737252

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-22744

Url: https://www.mozilla.org/security/advisories/mfsa2022-03/

Url: https://www.mozilla.org/security/advisories/mfsa2022-02/

Url: https://www.mozilla.org/security/advisories/mfsa2022-01/

Url: https://www.mend.io/vulnerability-database/CVE-2022-22744

Severity Score

8.8

Weakness Type (CWE)

Command Injection

CWE-77

Improper Encoding or Escaping of Output

CWE-116

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-22744

Date: December 22, 2022

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?