CVE-2022-22758 Information

Dec 23, 2022 cve

Description

When clicking on a tel: link USSD codes specified after a </code> character would be included in the phone number. On certain phones or on certain carriers if the number was dialed this could perform actions on a user’s account similar to a cross-site request forgery attack. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 97.


Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=1728742
https://www.mozilla.org/security/advisories/mfsa2022-04/



Share on: