PT-2022-12222 · F Secure+1 · F-Secure Safe Browser+1

Published 2022-03-25 · Updated 2022-04-04 · CVE-2021-44751

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

F-Secure SAFE browser versions prior to March 22, 2022

Description

A maliciously crafted website with USSD code in JavaScript or an iFrame can trigger the dialer application from the F-Secure browser, potentially allowing an attacker to send unwanted USSD messages or make unwanted calls. On most modern Android OS versions the dialer application requires user interaction, but some older Android OS versions may not need user interaction.

Recommendations

For versions prior to March 22, 2022, consider disabling the dialer application trigger in the F-Secure browser until a patch is available. Restrict access to potentially malicious websites to minimize the risk of exploitation. As a temporary workaround, avoid using the F-Secure browser to access websites with USSD code in JavaScript or iFrame until the issue is resolved.
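
For developers of WebView-based Android browsers, the class of issue described above can be closed at the navigation hook. The following is an added example, not code from F-Secure or from this advisory: the class name `DialerGuardClient` and the policy of refusing USSD codes outright are assumptions made for illustration.

```java
import android.content.Intent;
import android.net.Uri;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;

/** Hypothetical WebViewClient that keeps page content from driving the dialer. */
public class DialerGuardClient extends WebViewClient {

    /** True when a tel: URI carries USSD/MMI characters ('*' or '#'). */
    static boolean looksLikeUssd(Uri uri) {
        // Decode the whole URI first so that "%23" is seen as '#', and inspect
        // everything after the scheme, including what Uri treats as a fragment.
        String decoded = Uri.decode(uri.toString());
        String payload = decoded.substring(decoded.indexOf(':') + 1);
        return payload.indexOf('*') >= 0 || payload.indexOf('#') >= 0;
    }

    @Override
    public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
        Uri uri = request.getUrl();
        if (!"tel".equalsIgnoreCase(uri.getScheme())) {
            return false; // not a dialer link: let the WebView handle it
        }
        // Navigation started by script or by an iframe has no user gesture or
        // is not a main-frame load; never pass those on to the dialer.
        if (!request.hasGesture() || !request.isForMainFrame()) {
            return true; // swallow the navigation
        }
        // Assumed policy: USSD/MMI codes are refused even after a tap.
        if (looksLikeUssd(uri)) {
            return true;
        }
        // ACTION_DIAL only pre-fills the number; the user still has to press call.
        view.getContext().startActivity(new Intent(Intent.ACTION_DIAL, uri));
        return true;
    }
}
```

Install it with `webView.setWebViewClient(new DialerGuardClient())`; an app that opens links through its own intent dispatcher needs the same checks there.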

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2021-44751

Affected Products

Android OS
F-Secure Safe Browser