curl: OS Command Injection in scripts/firefox-db2pem.sh via untrusted certificate nicknames

On AI usage: Only for grammar/formatting suggestions/POC code troubleshooting; all vulnerability discovery, POC code creation, and analysis were done manually. Hey folks, I noticed something I think is worth bringing to you-- scripts/firefox-db2pem.sh helper in the curl source uses eval certutil ...