AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-22744: The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This c

highvulnerability

security

Source: NVD/CVE DatabaseDecember 22, 2022CVE-2022-22744

Summary

A security flaw in Firefox, Firefox ESR, and Thunderbird's DevTools allowed the 'Copy as curl' feature to create commands that weren't properly escaped for PowerShell (a command-line tool on Windows). If someone pasted these commands into PowerShell, an attacker could inject malicious commands that would execute on the user's computer. This only affected Windows users.

Vulnerability Details

CVSS Score

8.8(high)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-116 CWE-116

Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-22744

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%