Jolla Sailfish OS prior to 1.1.2.16 allows remote malicious users to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL.
jolla sailfish os