In Firefox for Android
The problem manifests itself until the release
For vulnerability testing
Firefox for Android periodically sends SSDP messages over multicast UDP to discover broadcasting devices on the local network, such as multimedia players and smart TVs. Every device on the local network receives these messages and can send a reply. In normal operation, a device replies with a link to the location of an XML file describing the UPnP-enabled device. In an attack, the reply can instead carry a URI with Android intent commands in place of the link to the XML file.
With intent commands, an attacker can redirect the user to phishing sites or send a link to an xpi file (the browser will offer to install the add-on). Since the attacker's replies are not limited in any way, he can try to wear the user down by flooding the browser with installation prompts or malicious sites, hoping that the user will make a mistake and confirm the installation of a malicious package. Besides opening arbitrary links in the browser itself, intent commands can be used to hand content to other Android applications: for example, to open a message template in the mail client (mailto: URI) or to bring up the call interface (tel: URI).
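A defensive check for the SSDP replies described above, added here as an illustration and not taken from Firefox's code: it parses a reply and accepts its LOCATION header only when it is an http(s) URL with a host. The function names and the sample datagrams are constructed for this example.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # a device description is fetched over HTTP(S)

def parse_ssdp_headers(datagram: bytes) -> dict:
    """Parse an SSDP reply (HTTP-style text over UDP) into lower-cased headers."""
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:          # lines[0] is the status line
        if not line:                # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def check_location(datagram: bytes):
    """Return (accepted, reason) for the LOCATION header of one SSDP reply."""
    location = parse_ssdp_headers(datagram).get("location")
    if not location:
        return False, "missing LOCATION"
    try:
        parts = urlsplit(location)
        host = parts.hostname
    except ValueError:
        return False, "unparseable LOCATION"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"non-HTTP scheme: {scheme or '(none)'}"
    if not host:
        return False, "no host in LOCATION"
    return True, "ok"

def _reply(location: str) -> bytes:
    # Constructed sample reply; the ST value and addresses are illustrative only.
    return ("HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
            "ST: upnp:rootdevice\r\n"
            f"LOCATION: {location}\r\n\r\n").encode()

SAMPLES = {
    "media_player": _reply("http://192.168.1.20:8080/description.xml"),
    "intent_uri": _reply("intent://example.invalid/#Intent;end"),
    "tel_uri": _reply("tel:+10000000000"),
    "mailto_uri": _reply("mailto:user@example.invalid"),
}

if __name__ == "__main__":
    for name, datagram in SAMPLES.items():
        print(name, check_location(datagram))
```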