Описание
When clicking on a tel: link, USSD codes, specified after a * character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.
This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 97.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | Android only |
| devel | not-affected | Android only |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | not-affected | Android only |
| impish | not-affected | Android only |
| jammy | not-affected | Android only |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 97 |
Показывать по
8.8 High
CVSS3
Связанные уязвимости
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.
When clicking on a tel: link, USSD codes, specified after a <code>\*</ ...
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.
Уязвимость браузера Mozilla Firefox для Android, связанная с ошибками в обработчике USSD-кодов, позволяющая нарушителю выполнить произвольный код
8.8 High
CVSS3