Firefox for Android Bug Allows ‘Epic Rick-Rolling’
2020-09-21 17:01

A vulnerability in Firefox for Android paves the way for attackers to launch websites on a victim's phone, with no user interaction.

"Instead of providing the location of an XML file describing a UPnP device, an attacker can run a malicious SSDP server that responds with a specially crafted message pointing to an Android intent URI. Then, that intent will be invoked by the Firefox application itself."

Thus, a specially crafted response can force an Android phone on the local network with Firefox running to suddenly launch a specific website.

"This most definitely could have been an epic rick-roll, where everyone in the room running Firefox tried to figure out what the heck was going on," the researcher said.

Exploitation of LAN vulnerability found in Firefox for Android.
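
The check a client would want before acting on an SSDP response, as an added example (not code from the article or from Firefox): parse the response, read the LOCATION header, and accept it only if it is an http/https URL with a host. The function names and both sample messages are constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # a UPnP description XML is fetched over HTTP(S)

# Constructed sample SSDP responses (not captured traffic).
BENIGN = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
          b"ST: upnp:rootdevice\r\n"
          b"LOCATION: http://192.168.1.20:49152/description.xml\r\n\r\n")
SUSPICIOUS = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
              b"LOCATION: intent://example.invalid/#Intent;scheme=https;end\r\n\r\n")

def parse_ssdp_headers(raw: bytes) -> dict:
    """Parse an SSDP (HTTP-over-UDP) message into a lower-cased header dict."""
    lines = raw.decode("utf-8", errors="replace").splitlines() or [""]
    headers = {"_start_line": lines[0].strip()}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def check_location(raw: bytes):
    """Return (ok, reason) for the LOCATION header of one SSDP response."""
    location = parse_ssdp_headers(raw).get("location")
    if location is None:
        return False, "no LOCATION header"
    try:
        parts = urlsplit(location)
    except ValueError as exc:  # e.g. malformed bracketed host
        return False, f"unparseable LOCATION: {exc}"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} is not http/https"
    if not parts.hostname:
        return False, "LOCATION has no host"
    return True, "ok"

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, check_location(msg))
```

The same allow-list applies whether the check runs in the client before it hands the URL to a loader or in a monitor reviewing SSDP traffic on the LAN.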


News URL

https://threatpost.com/firefox-android-bug-rick-rolling/159397/

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Android | | 4 | 0 | 17 | 2 | 0 | 19 |