PT-2022-1402 · Mozilla+3 · Thunderbird+5

Mattias Jacobsson

·

Published

2022-01-11

·

Updated

2024-12-12

·

CVE-2022-22744

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 91.5 Firefox versions prior to 96 Thunderbird versions prior to 91.5
Description The issue arises from the "Copy as curl" feature in DevTools, where the constructed curl command is not properly escaped for PowerShell, potentially leading to command injection if pasted into a PowerShell prompt. This could allow a remote attacker to execute arbitrary commands in the system if the copied data is inserted into the PowerShell command line. The bug specifically affects Thunderbird for Windows, with other operating systems being unaffected.
Recommendations For Firefox ESR versions prior to 91.5, update to version 91.5 or later. For Firefox versions prior to 96, update to version 96 or later. For Thunderbird versions prior to 91.5, update to version 91.5 or later. As a temporary workaround, consider avoiding the use of the "Copy as curl" feature in DevTools for these versions until a patch is applied.

Exploit

Fix

Improper Encoding or Escaping of Output

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-116CWE-78

Related Identifiers

ALT-PU-2022-1022
ALT-PU-2022-1023
ALT-PU-2022-1053
ALT-PU-2022-1078
ALT-PU-2022-1090
ALT-PU-2022-1091
ALT-PU-2022-1097
ALT-PU-2022-1781
ALT-PU-2022-1783
ALT-PU-2022-2930
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-00297
CVE-2022-22744
OPENSUSE-SU-2022:0136-1
OPENSUSE-SU-2022:0199-1
OPENSUSE-SU-2022_0136-1
OPENSUSE-SU-2022_0199-1
OPENSUSE-SU-2024:11732-1
OPENSUSE-SU-2024:11733-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2022:0115-1
SUSE-SU-2022:0136-1
SUSE-SU-2022:0137-1
SUSE-SU-2022:0199-1
SUSE-SU-2022:14880-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Red Os
Suse
Thunderbird