Vulnerability in Firefox for Android allows the browser to be controlled over shared Wi-Fi


A serious vulnerability has been found in Firefox for Android in its implementation of SSDP, the protocol used to discover network services on the local network. The vulnerability allows an attacker on the same LAN or wireless network to answer Firefox's probe requests with a UPnP XML "LOCATION" message containing intent commands, which can be used to open an arbitrary URI in the browser or to invoke the handlers of other applications.

The problem is present up to the Firefox for Android 68.11.0 release and is fixed in Firefox for Android 79; that is, the old classic releases of Firefox for Android are vulnerable, and closing the hole requires moving to the new edition of the browser (Fenix), which uses the GeckoView engine, based on Firefox Quantum technologies, and the Mozilla Android Components set of libraries. Desktop versions of Firefox are not affected.

A working prototype exploit has been prepared for testing the vulnerability. The attack requires no action from the user: it is enough that the vulnerable Firefox for Android browser is running on the mobile device and that the victim is on the same subnet as the attacker's SSDP server.

Firefox for Android periodically sends SSDP messages in broadcast mode (multicast UDP) to detect broadcasting devices on the local network, such as multimedia players and smart TVs. All devices on the local network receive these messages and can send a reply. In normal operation, a device returns a link to the location of an XML file with information about the UPnP-enabled device. In an attack, a URI with intent commands for Android can be sent instead of the link to the XML.



With intent commands, the user can be redirected to phishing sites or sent a link to an xpi file (the browser will offer to install an add-on). Since the attacker's responses are not limited in any way, he can try a war of attrition and flood the browser with installation prompts or malicious sites in the hope that the user makes a mistake and clicks to install a malicious package. Besides opening arbitrary links in the browser itself, intent commands can be used to have content handled by other Android applications: for example, opening a letter template in the mail client (URI mailto:) or launching the interface for making a call (URI tel:).
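The check that an SSDP client needs before acting on a reply, as an added example (not code from Firefox or from the original article): the LOCATION value is accepted only if it is an http/https URL served by the device that answered. The function names, the same-host policy and the sample datagrams are assumptions made for this illustration.

```python
# Added example: validate the LOCATION header of an SSDP reply before using it.
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # a device description is fetched over HTTP(S)

# Constructed sample replies (not captured traffic).
GOOD_REPLY = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
              b"LOCATION: http://192.168.1.20:8008/device-desc.xml\r\n\r\n")
INTENT_REPLY = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
                b"Location: intent:constructed-placeholder\r\n\r\n")
MAILTO_REPLY = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
                b"LOCATION: mailto:user@example.invalid\r\n\r\n")


def parse_ssdp_headers(datagram):
    """Parse an SSDP reply (HTTP over UDP) into {UPPER-CASED NAME: value}."""
    headers = {}
    for line in datagram.decode("latin-1").split("\r\n")[1:]:  # skip status line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def check_location(datagram, sender_ip):
    """Return (ok, reason); ok is True only for an http(s) URL on the responder."""
    location = parse_ssdp_headers(datagram).get("LOCATION")
    if not location:
        return False, "no LOCATION header"
    url = urlsplit(location)
    if url.scheme.lower() not in ALLOWED_SCHEMES:
        # intent:, mailto:, tel: and the like must never reach a URI dispatcher
        return False, "scheme %r is not http/https" % url.scheme
    try:
        host = ipaddress.ip_address(url.hostname or "")
    except ValueError:
        return False, "host is not an IP literal"
    # Assumed policy: the description must live on the device that replied.
    if host != ipaddress.ip_address(sender_ip):
        return False, "host differs from responder address"
    return True, "ok"
```

The same function can be run over SSDP replies captured on a network to flag responders that advertise a non-HTTP LOCATION.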


