

He went on to warn that successful exploitation of the bug could lead to a phishing attack on public Wi-Fi networks, by requesting personal user information or login credentials from all users connected to the network who were running unpatched versions of the browser.
“This is a serious issue that allows to trigger any Android Intent on the same Wi-Fi network without any user interaction if you have a vulnerable version of Firefox for Android installed on your device,” said Stefanko.

I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below) found by /lbQA4qPehq I tested this PoC exploit on 3 devices on same wifi, it worked pretty well.

The bug, which resided in Firefox’s implementation of the Simple Service Discovery Protocol (SSDP), was uncovered by security researcher Chris Moberly and affected Firefox for Android versions 68.11.0 and below.

ESET malware researcher Lukas Stefanko has tested a proof-of-concept (PoC) exploit that takes advantage of the security hole, running the PoC on three devices connected to the same Wi-Fi router.

Exploitation of LAN vulnerability found in Firefox for Android

The vulnerability could be abused by black hats to force users to visit websites housing malicious content, which could then be used to execute phishing attacks or to download malware to their devices.

Mozilla has patched a security flaw that could allow cybercriminals to hijack all vulnerable Firefox for Android browsers running on devices connected to the same Wi-Fi network.
Attackers could have exploited the flaw to steal victims’ login credentials or install malware on their devices
