Mozilla has asked Firefox users on Android to update their browser urgently. They found a bug that hackers can use to hack a device over a Wi-Fi network and make it visit malicious sites.
Mozilla has fixed a bug that could be used to control all Firefox browsers on Android on the same Wi-Fi network. Hackers can use user profiles and data and make the browser navigate to malicious sites such as phishing pages.
The bug was discovered by Chris Moberly, an Australian security researcher at GitLab. They urged Mozilla to fix it as soon as possible.
He pointed out that the vulnerability is in the Firefox SSDP component. SSDP is the Simple Service Discovery Protocol, a mechanism by which Firefox finds other devices on the same network to exchange or receive content (for example, video streaming).
The researcher explained that this bug is especially dangerous in a scenario where a hacker enters an airport or a shopping mall, connects to a Wi-Fi network, and then can hijack all devices that are connected to it.
Another scenario is if an attacker is targeting vulnerable Wi-Fi routers. Attackers can exploit the vulnerability to hijack legacy routers and then send spam to the company’s internal network and force employees to re-authenticate on phishing pages.
The bug was reportedly fixed in Firefox 79.