firefox is vulnerable to command injection. The vulnerability exists due to the lack of throttling on external protocol launch dialog allowing an attacker to trick users into accepting launching a program to handle an external URL protocol.
access.redhat.com/errata/RHSA-2022:0126
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=1744158
bugzilla.redhat.com/show_bug.cgi?id=2039573
www.mozilla.org/security/advisories/mfsa2022-01/
www.mozilla.org/security/advisories/mfsa2022-02/
www.mozilla.org/security/advisories/mfsa2022-03/