CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a * character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.
*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.
References
Configurations

Configuration 1


Information

Published : 2022-12-22 08:15

Updated : 2022-12-29 10:50


NVD link : CVE-2022-22758

Mitre link : CVE-2022-22758

Products Affected
No products.
CWE
CWE-319

Cleartext Transmission of Sensitive Information