Unrated severityNVD Advisory· Published Dec 22, 2022· Updated Apr 16, 2025
CVE-2022-22758
CVE-2022-22758
Description
When clicking on a tel: link, USSD codes, specified after a \* character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4< 97+ 1 more
- (no CPE)range: < 97
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 97.0-1.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.