Mozilla fixed a bug that could have let attackers hijack any Firefox Android browser sharing the same Wi-Fi network.
Firefox Android web browser users must upgrade to the latest available version of the Firefox Android app to prevent their devices from being hijacked. The reason is a vulnerability that attackers can exploit to hijack all Firefox web browsers on the same network.
Chris Moberly, an Australian security researcher associated with GitLab, identified a remote command execution vulnerability in the SSDP (Simple Service Discovery Protocol) engine of the older versions of Firefox web browser for Android phones.
See: Camera privacy bug found in Firefox Android in 2019 hasn’t been fixed yet
This vulnerability can be exploited to compromise all the devices connected to the same wireless network as the attackers, and having the Firefox app installed.
Later, ESET security researcher Lukas Stefanko posted a tweet to alert Firefox web browser users and demonstrated how the high-risk vulnerability could affect the Firefox app for Android.
SSDP is a UDP-based protocol and part of Universal Plug and Play (UPnP). It is used for locating other devices connected to the same Wi-Fi network to share/receive content such as shared video streams using a Roku device.
Firefox for An ..
Support the originator by clicking the read the rest link below.
