Mattias Jacobsson

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 91.5 Firefox versions prior to 96 Thunderbird versions prior to 91.5 **Description** The issue arises from the "Copy as curl" feature in DevTools, where the constructed curl command is not properly escaped for PowerShell, potentially leading to command injection if pasted into a PowerShell prompt. This could allow a remote attacker to execute arbitrary commands in the system if the copied data is inserted into the PowerShell command line. The bug specifically affects Thunderbird for Windows, with other operating systems being unaffected. **Recommendations** For Firefox ESR versions prior to 91.5, update to version 91.5 or later. For Firefox versions prior to 96, update to version 96 or later. For Thunderbird versions prior to 91.5, update to version 91.5 or later. As a temporary workaround, consider avoiding the use of the "Copy as curl" feature in DevTools for these versions until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 91.2 **Description** The issue allows a man-in-the-middle (MITM) to perform a downgrade attack, intercepting transmitted messages or taking control of the authenticated session to execute chosen SMTP commands. If an unprotected authentication method is used, the MITM could also obtain authentication credentials. **Recommendations** For versions prior to 91.2, update to version 91.2 or later to resolve the issue. As a temporary workaround, consider configuring SMTP connections to use protected authentication methods and STARTTLS security to minimize the risk of exploitation. Restrict access to SMTP commands to prevent unauthorized execution until the issue is resolved.