Firefox for Android could be manipulated on Wi-Fi network

Post by bitheerani90 »

“The Firefox app only needed to be open for anyone else on the same Wi-Fi network to force open websites. The issue has now been fixed by Mozilla.”


Firefox for Windows was not vulnerable. — Photo: Reproduction/G1

Mozilla has fixed a vulnerability that allowed the Firefox browser to be manipulated by other people on the same wireless network (Wi-Fi). In practice, the flaw could be used to force the browser to display websites, giving the impression that the smartphone was being controlled by someone else.

“The problem was discovered by security expert Chris Moberly. He posted a video on Twitter demonstrating the flaw in action: when a command is executed on a computer to transmit a message over the network, the phone automatically opens a website in the Firefox browser.”

To be vulnerable to this attack, two conditions were sufficient: having an active connection to a Wi-Fi network and having the Firefox browser for Android open on the smartphone.
Moberly discovered that Firefox was incorrectly handling the Simple Service Discovery Protocol (SSDP), a technology in which devices announce their presence to others on a network. Communication occurs through messages broadcast to all devices connected to the network.

There is no direct interaction with SSDP, but it produces effects that facilitate the use of devices. It can be used, for example, to let a smartphone or computer know that it is connected to the same network as a television set that supports streaming (“casting”) content, which allows it to continue playing a video or music on the television.

However, Firefox's interpretation of these messages ended up causing the browser to open any website indicated by another person on the network, without authorization to do so.

While an attacker could force the browser to display a website, this flaw alone would not be capable of accessing data or compromising the device with spyware. Since the issue was identified by an expert and reported directly to Mozilla, there is no record of the flaw being used in actual attacks.

The vulnerability has been fixed since Firefox version 79. Therefore, simply updating the browser on Android is enough to be immune to this specific attack. The current version of the browser is 80.1.3.

Versions of Firefox for other operating systems – such as Windows, Linux and macOS – were not vulnerable.
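
An added example, not part of the original post and not Mozilla's code: one way a client could treat SSDP announcements as untrusted input, checking the LOCATION header (the URL where SSDP says the device description lives) before fetching anything. The policy (plain http, private IP literal, host equal to the datagram sender) and the names `parse_ssdp` and `check_location` are assumptions for illustration; the sample datagrams are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample datagrams (not captured traffic).
GOOD = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
        b"NTS: ssdp:alive\r\nLOCATION: http://192.168.1.50:8008/desc.xml\r\n\r\n")
OFF_LAN = GOOD.replace(b"192.168.1.50:8008", b"example.com")

def parse_ssdp(raw):
    """Parse an SSDP datagram into its start line and upper-cased headers."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return {"start": lines[0].strip(), "headers": headers}

def check_location(raw, sender_ip):
    """Return (allowed, reason) for the LOCATION URL in one datagram."""
    msg = parse_ssdp(raw)
    if msg["start"] not in ("NOTIFY * HTTP/1.1", "HTTP/1.1 200 OK"):
        return False, "not an SSDP announcement or search response"
    location = msg["headers"].get("LOCATION")
    if not location:
        return False, "no LOCATION header"
    try:
        url = urlsplit(location)
        host = ipaddress.ip_address(url.hostname or "")
    except ValueError:
        return False, "LOCATION host is not an IP literal"
    if url.scheme != "http":
        return False, "LOCATION scheme is not http"
    if not host.is_private:
        return False, "LOCATION host is not on a private network"
    if host != ipaddress.ip_address(sender_ip):  # assumed policy: self-announce only
        return False, "LOCATION host differs from datagram sender"
    return True, "ok"

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("OFF_LAN", OFF_LAN)):
        print(name, check_location(raw, "192.168.1.50"))
```

Passing this check only means the description URL points back at the local device that sent the announcement; whatever is fetched from it is still untrusted input.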