Potatoe

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 66 **Description** The issue arises when the result of the 'Copy as cURL' command in Firefox Developer Tools is pasted into a command shell on macOS, potentially leading to the execution of unintended additional bash script commands if the URL was maliciously crafted. This is due to a problem with the native version of Bash on macOS. The issue is exclusive to macOS, with other operating systems being unaffected. **Recommendations** For Firefox versions prior to 66, update to version 66 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the 'Copy as cURL' command in Firefox Developer Tools when working with potentially malicious URLs on macOS.