CVE-2021-44751: 
NixOS vulnerability analysis and mitigation

A vulnerability affecting F-Secure SAFE browser for Android was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. The vulnerability was disclosed on March 25, 2022 and affects F-Secure SAFE browser versions 18.5 and earlier (NIST NVD, CERT-FR).

The vulnerability allows an attacker to exploit the browser's handling of USSD (Unstructured Supplementary Service Data) codes through JavaScript or iFrame elements. When a malicious website containing these elements is visited, it can trigger the device's dialer application through the F-Secure browser. The severity of exploitation varies depending on the Android OS version - modern Android versions require user interaction for dialer activation, while some older versions may not require this additional security step (NIST NVD).

The successful exploitation of this vulnerability could lead to unauthorized USSD code execution and unwanted phone calls being made from the victim's device. This could potentially result in service charges or unwanted actions being performed through USSD services (NIST NVD).

Users should upgrade to versions newer than F-Secure SAFE browser 18.5. Additionally, users should ensure they are running a modern version of Android OS that implements user interaction requirements for dialer application activation (CERT-FR).