Home Tech News Firefox Android vulnerability can allow hackers to hijack browser

Firefox Android vulnerability can allow hackers to hijack browser

Recently ESET researcher Lukas Stefanko has discovered a new Firefox android vulnerability, the vulnerability was remote command execution vulnerability that was infecting Firefox Android app.

Mozilla Firefox is the best browser for android mobile. Its security is secured. It saves the mobile data also. It is similar to chrome. It was developed in 2002.

Mozilla says users should update as soon as possible to Firefox v79 for android.

According to the vulnerability report, the SSDP engine of the victims’ Firefox browsers can be tricked into triggering an Android intent by replacing the XML file in the response packet by a specially crafted message.

However, the vulnerability was discovered by Australiancybersecurity researcher Chris Moberly.

Firefox Android Vulnerability Detail

The vulnerability resides in the SSDP engine of the Firefox browser, that can be exploited by the attacker to target the victim’s Android smartphone connected to the same Wifi network.

SSDP (stands for Simple Service Discovery Protocol) is a UDP based protocol that is a part of finding other devices on a network. Periodically firefox sends out SSDP discovery messages to other devices that are connected to the same network, looking for some devices to cast.

An attacker connected to the victim’s Wifi network can run a malicious SSDP server on his/her device and can trigger their commands on nearby Android devices through Firefox without any interaction.

The target simply has to have the Firefox application running on their phone. They do not need to access any malicious websites or click any malicious links. No attacker-in-the-middle or malicious app installation is required

Moberly said

The hacker can attack the wifi router to connect that mobile who connect the same wifi have been hacked and hijack the browsers.

Earlier this week, Moberly published proof-of-concept code that could be used to carry out such attacks.

The firefox android vulnerability has been fixed Mozilla, that can be abused to hijack all the Firefox for android browsers on the same WiFi network and force users to access malicious sites, such as pishing pages.

So that’s why Mozilla upgrade the latest version to improve the browser development and running fast and saved data and also secure & protect from hackers.

In upgrade version of firefox browser ,you could hide Android “intent” commands in this XML.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

6 Best Private Search Engines that Do Not Track You

We all care for our privacy whether in real life or on the Internet. Not to worry we are here with 6 Best Private Search Engines that do not track. And will help you to find which is the best search engine?

In-Depth of Lava’s Customizable Smartphones

Lava is an Indian Smartphone brand that has finally delivered us what other smartphone brands were unable to do. The customizable smartphones are Z1, Z2, Z4, Z6. These smartphones are customized by Lava's My Z service. As specified by Lava this service will be upgraded to MyZup for customizing bought out phones. Let's check out the comparison of Lava's customizable smartphones.

Why companies are removing chargers from smartphone boxes?

Recently Apple stopped shipping the chargers with their phones. According to them, this step was taken to reduce waste generation. But, deep down we know they had done this to boost their retail chargers sales. This reason is still not much clear why companies are removing chargers from smartphone.

How to Mirror Android screen to PC?

We all have heard and love casting our device on the TV. But, did you know that the android screens can also be cast or mirrored in PCs also? This can be done by many methods which can be wired or wireless. We are here with an awesome guide on how to mirror android screen to PC.