CVE-2022-22758

Summary

When clicking on a tel: link, USSD codes, specified after a <code>*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 97.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 97affected

Weaknesses

  • tel: links could have sent USSD codes to the dialer on Firefox for Android

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References