Beware of a bug that leads to hijacking Firefox for Android users via the WiFi network.
One should be aware of the potential threats you are vulnerable to using Firefox in your devices. However, try using the latest available version from the play store. It appears that high-risk remote command execution vulnerability affected Firefox for android. An attacker connected to the same WiFi network as that of the user, who has Firefox in their smart devices, can easily steal the data given vulnerability in the SSDP (Simple Service Discovery Protocol) engine. Chris Moberly is the Australian security researcher who is behind this discovery.
SSDP is a UDP protocol that belongs to UPnP and is used for detecting the various devices connected to a network. Firefox is accountable for sending the periodic alert to the same network's devices regarding SSDP discovery messages. Any of the devices can respond to this broadcast and can give a location to get details about the UPnP device. Firefox then attempts for a location to get an XML file conforming to UPnP specification.
The report of Moberly elucidates that a specially constructed message which points to an Android intent URI replaces XML file location in the response packet. It is the result of the SSDP engine of the victim's Firefox browser, which triggers the Android intent.
The attacker can trigger intent-based commands on android devices connected to a network by running a malware SSDP on his or her server. This is achieved through Firefox installed in the android user.
It is easy to fool around victims by automatic launching of the browser and opening of predefined URL, which compels them to provide their credentials, install malicious apps, and other malicious activities.
"The target should have the Firefox application running on their phone. They do not need to click any malicious links or access any malicious websites. No attacker-in-the-middle or malicious app installation is required. They can simply be sipping coffee while on a cafe's WiFi, and their device will start launching application URIs under the attacker's control," Moberly said.
"This attack is similar to phishing attacks where a malicious site is forced onto the target without their knowledge in the hopes they would enter some sensitive info or agree to install a malicious application." She added.
This vulnerability is fixed by Firefox for the latest Android versions 80 and which followed. It is Moberly who reported about this kind of attack to the Firefox team.