A security researcher has discovered a critical bug in Firefox for Android that lets any attacker hijack other Firefox browsers connected to the same network. The vulnerability is in the SSDP component of the Firefox browser and is limited to the Android platform. Mozilla was informed of the bug and has issued a patch in version 79.
Mozilla Urges Users to Update Android Firefox Browsers
The Firefox browser is a prime offering from Mozilla, distributed with the aim of providing more secure browsing. Unlike Google's popular Chrome, it lets users install extensions in the mobile client, and it has a significant user base in the browser market. While these reports are good for now, Mozilla warns its Android users to update the Firefox browser immediately.
— initstring (@init_string) September 15, 2020
The warning follows a bug discovered by Chris Moberly, an Australian cybersecurity researcher, and later verified by ESET researchers. The bug is in the Simple Service Discovery Protocol (SSDP) component of the Firefox Android browser, which lets users identify other Firefox browsers connected to the same network and share files.
While searching for and connecting to others, this protocol lets users access the XML file of other Firefox browsers as part of the process. Since this XML file has the Android “intent” command stored, researchers say an attacker can exploit this to hijack other connected browsers. Older versions of Firefox give an option to hide this “intent”, which is yet another advantage for attackers trying to avoid detection.
This “intent” can direct the browser to open a page or link of the attacker's choosing. Thus, by connecting to others via SSDP and modifying the intent packed in the XML document to point at the desired page, an attacker could exploit the user. Researchers warn that victims could be redirected to phishing sites or other malicious links, and potentially made to download malware.