CVE-2022-38163: 
NixOS vulnerability analysis and mitigation

A drag and drop spoof vulnerability (CVE-2022-38163) was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. The vulnerability was disclosed on October 28, 2022, and affected the browser's address bar functionality. The issue was reported through F-Secure's Vulnerability Reward Program (F-Secure Advisory).

The vulnerability allows drag and drop operations by users on the address bar to lead to address bar spoofing. The severity of this vulnerability has been assessed as LOW with a CVSS v3.1 Base Score of 3.5 (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N) (NVD).

The vulnerability could potentially allow attackers to spoof the address bar, which might lead to users being misled about the website they are visiting. This could result in phishing attacks where users believe they are on a legitimate website when they are actually on a malicious one (F-Secure Advisory).

F-Secure released version 19.2 through the automatic update channel on October 25, 2022, which addresses this vulnerability. No user action is required as the update is distributed automatically. The risk level was classified as Medium by F-Secure (F-Secure Advisory).