
Vadim

#29659 of 53,632
8.8 Total CVSS
Vulnerabilities · 1
PT-2023-6465
8.8
2023-01-17
Mozilla · Firefox ESR · CVE-2023-23599
**Name of the Vulnerable Software and Affected Versions**

- Firefox versions prior to 109
- Thunderbird versions prior to 102.7
- Firefox ESR versions prior to 102.7

**Description**

The vulnerability is related to the DevTools panel in Mozilla Firefox and Thunderbird, where the output of a network request copied as a curl command was not properly sanitized. This could allow an attacker to hide arbitrary commands within the output. The issue is associated with a lack of data sanitization at the management level, which could enable a remote attacker to execute arbitrary commands.

**Recommendations**

- For Firefox versions prior to 109, update to version 109 or later to resolve the issue.
- For Thunderbird versions prior to 102.7, update to version 102.7 or later to resolve the issue.
- For Firefox ESR versions prior to 102.7, update to version 102.7 or later to resolve the issue.

As a temporary workaround, consider disabling the use of the DevTools panel to copy network requests as curl commands until a patch is available.