Recently, ESET researcher Lukas Stefanko discovered a new Firefox for Android vulnerability: a remote command execution flaw affecting the Firefox Android app.
Mozilla Firefox is the best browser for Android mobile devices. It is secure and also saves mobile data. It is similar to Chrome and was developed in 2002.
Mozilla says users should update to Firefox v79 for Android as soon as possible.
According to the vulnerability report, the SSDP engine of the victims’ Firefox browsers can be tricked into triggering an Android intent by replacing the XML file in the response packet with a specially crafted message.
However, the vulnerability was discovered by Australian cybersecurity researcher Chris Moberly.
Firefox Android Vulnerability Detail
The vulnerability resides in the SSDP engine of the Firefox browser. An attacker can exploit it to target a victim’s Android smartphone connected to the same Wi-Fi network.
SSDP (Simple Service Discovery Protocol) is a UDP-based protocol used for finding other devices on a network. Firefox periodically sends out SSDP discovery messages to other devices connected to the same network, looking for devices to cast to.
An attacker connected to the victim’s Wi-Fi network can run a malicious SSDP server on their own device and trigger commands on nearby Android devices through Firefox without any user interaction.
“The target simply has to have the Firefox application running on their phone. They do not need to access any malicious websites or click any malicious links. No attacker-in-the-middle or malicious app installation is required,” Moberly said.
An attacker can also compromise a Wi-Fi router and then hijack the browsers of the mobile devices connected to that Wi-Fi network.
Earlier this week, Moberly published proof-of-concept code that could be used to carry out such attacks.
Mozilla has fixed the Firefox for Android vulnerability, which could be abused to hijack all Firefox for Android browsers on the same Wi-Fi network and force users to access malicious sites, such as phishing pages.
That is why Mozilla released the latest version: to improve the browser, make it run faster, save data, and protect users from hackers.
In versions of the Firefox browser before the upgrade, you could hide Android “intent” commands in this XML.
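As an added example (not Mozilla's fix and not code from the original article), the following Python code shows a check a client could apply to an SSDP response before fetching the XML file it points to: only http/https URLs whose host is the private IP address that sent the datagram are accepted. The LOCATION header is standard SSDP; the function names, the sender-match policy and the sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a device description XML is only ever fetched over HTTP(S).
ALLOWED_SCHEMES = {"http", "https"}

def parse_ssdp(raw: bytes) -> dict:
    """Parse an SSDP datagram (HTTP-like start line plus headers) into a dict."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    headers = {"_start": lines[0].strip()}
    for line in lines[1:]:
        if not line:
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def check_location(raw: bytes, sender_ip: str) -> tuple[bool, str]:
    """Decide whether the LOCATION of an SSDP response is safe to fetch."""
    headers = parse_ssdp(raw)
    if not headers["_start"].startswith("HTTP/1.1 200"):
        return False, "not an SSDP search response"
    location = headers.get("LOCATION")
    if not location:
        return False, "missing LOCATION header"
    try:
        url = urlsplit(location)
        if url.scheme.lower() not in ALLOWED_SCHEMES:
            return False, f"scheme {url.scheme!r} is not http/https"
        host = ipaddress.ip_address(url.hostname or "")
    except ValueError:
        return False, "LOCATION is malformed or its host is not an IP literal"
    # Assumed policy: the description must be served by the responding device.
    if host != ipaddress.ip_address(sender_ip):
        return False, "LOCATION host differs from datagram sender"
    if not host.is_private:
        return False, "LOCATION host is not on a private network"
    return True, "ok"

# Constructed sample datagrams (not captured traffic).
GOOD = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
        b"LOCATION: http://192.168.1.20:8060/dd.xml\r\n\r\n")
BAD = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
       b"LOCATION: intent://placeholder\r\n\r\n")

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("bad", BAD)):
        print(name, check_location(pkt, "192.168.1.20"))
```

The same rule can be applied on the network side: an SSDP response whose LOCATION is not a plain http/https URL on the local subnet is worth alerting on.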