Jump to content
Sign in to follow this  

[Slashdot] - Bug Allowed Hijacking Other Firefox Mobile Browsers on the Same Wi-Fi Network

Recommended Posts

"Mozilla has fixed a bug that can be abused to hijack all the Firefox for Android browsers on the same Wi-Fi network and force users to access malicious sites, such as phishing pages," reports ZDNet: The bug was discovered by Chris Moberly, an Australian security researcher working for GitLab. The actual vulnerability resides in the Firefox SSDP component. SSDP stands for Simple Service Discovery Protocol and is the mechanism through which Firefox finds other devices on the same network in order to share or receive content (i.e., such as sharing video streams with a Roku device). When devices are found, the Firefox SSDP component gets the location of an XML file where that device's configuration is stored. However, Moberly discovered that in older versions of Firefox, you could hide Android "intent" commands in this XML and have the Firefox browser execute the "intent," which could be a regular command like telling Firefox to access a link... The bug was fixed in Firefox 79; however, many users may not be running the latest release. Firefox for desktop versions were not impacted.

twitter_icon_large.png facebook_icon_large.png

Read more of this story at Slashdot.


View the full article

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

By using The Great Escaped Online Community, you agree to our Privacy Policy and Terms of Use