Mozilla has recently fixed a bug in its Android browser that was being exploited by hackers.
Firefox Android web browser users must upgrade to the latest available version of the Firefox Android app to prevent their devices from being hijacked. The vulnerability allows hackers to hijack all the devices connected to the same network.
A remote command execution vulnerability was found in the SSDP (Simple Service Discovery Protocol) engine of older versions of the Firefox web browser for Android phones. This vulnerability can be exploited to compromise all the devices connected to the same wireless network as the attacker.
SSDP is a UDP-based protocol and part of Universal Plug and Play (UPnP). It is used for locating other devices connected to the same Wi-Fi network to share/receive content such as shared video streams.
Once compromised, the browser launches automatically and can redirect the user to phishing pages that ask for their credentials, load malicious sites, or install malicious extensions. The attack can target vulnerable Wi-Fi routers and may leverage exploits to compromise outdated routers.
In older versions of Firefox, Android intent commands can be hidden in the XML file, and the Firefox browser then executes the command. It could be any regular command, such as forcing Firefox to access a link. Researchers have informed Firefox about the flaw and the organization has released a patch for it.
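A defensive check for the mechanism described above, as an added example that is not code from Mozilla or from the original article: it parses an SSDP message and a UPnP description XML and flags URL fields whose scheme is not http or https, such as an Android intent URI. The function names, the allowlist policy, the choice of fields to inspect and the sample messages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for this example

def bad_scheme(value):
    """Return the scheme of an absolute URI outside the allowlist, else None."""
    scheme = urlsplit(value.strip()).scheme.lower()
    return scheme if scheme and scheme not in ALLOWED_SCHEMES else None

def check_ssdp(datagram):
    """Check the LOCATION header of one SSDP datagram (HTTP-style text over UDP)."""
    findings = []
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    for line in lines[1:]:  # skip the start line
        name, sep, value = line.partition(":")
        if sep and name.strip().upper() == "LOCATION" and bad_scheme(value):
            findings.append(("LOCATION", bad_scheme(value)))
    return findings

def check_description(xml_bytes):
    """Check URL-bearing elements of a UPnP device description document."""
    if b"<!DOCTYPE" in xml_bytes:  # refuse DTDs and entities from untrusted peers
        return [("DOCTYPE", "rejected")]
    findings = []
    for elem in ET.fromstring(xml_bytes).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        if tag.lower().endswith("url") or tag == "URLBase":
            scheme = bad_scheme(elem.text or "")
            if scheme:
                findings.append((tag, scheme))
    return findings

# Constructed samples, not captured traffic; addresses are documentation ranges.
GOOD_SSDP = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
             b"LOCATION: http://192.0.2.10:8080/desc.xml\r\n\r\n")
ODD_SSDP = GOOD_SSDP.replace(b"http://", b"ftp://")
GOOD_XML = (b'<root xmlns="urn:schemas-upnp-org:device-1-0"><device>'
            b"<UDN>uuid:00000000-0000-0000-0000-000000000000</UDN>"
            b"<presentationURL>http://192.0.2.10/</presentationURL>"
            b"<controlURL>/ctl</controlURL></device></root>")
ODD_XML = GOOD_XML.replace(b"http://192.0.2.10/", b"intent:CONSTRUCTED-PLACEHOLDER")

if __name__ == "__main__":
    for label, result in [("good ssdp", check_ssdp(GOOD_SSDP)),
                          ("odd ssdp", check_ssdp(ODD_SSDP)),
                          ("good xml", check_description(GOOD_XML)),
                          ("odd xml", check_description(ODD_XML))]:
        print(label, result)
```

The UDN element with its uuid: value is left alone because only URL-bearing elements are inspected, which keeps the check from flagging ordinary device identifiers.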
NPAV recommends that users keep the software on their systems up to date. Organizations regularly release security patches for their products, which fix various vulnerabilities and enhance security.