Friday, January 15, 19:12
Home security Firefox error allows breach of nearby mobile browsers via WiFi

Firefox error allows breach of nearby mobile browsers via WiFi

Firefox error

Η Mozilla correct one error which can be used by cyber criminals for infringement Firefox on Android devices. In particular, the attackers could violate them all Firefox Android browsers that are in the same network WiFi and force users to visit maliciously and Phishing sites.

The error was discovered by an Australian researcher security, with the name Chris Moberly, who works at GitLab. According to the researcher, the error is located in Firefox SSDP component. SSDP stands for "Simple Service Discovery Protocol" and is the mechanism used by Firefox to locate other devices on the same network and exchange content.

Once the devices are detected, the Firefox SSDP component takes the place of one file XML where the device configuration is stored. However, the researcher found that in earlier versions of Firefox, an attacker could hide commands in this XML and ask the Firefox browser to execute them. These commands could, for example, tell Firefox to access one Phishing link.

How could the exploitation take place?

To better understand how to exploit the error, consider the following scenario: One hacker is located in a public, busy area (eg airport), connected to the network WiFi and then launches a script on his laptop, which affects the network with incorrectly configured SSDP packets.

Android users who use the Firefox browser during this attack are also affected transferred to a malicious website or are forced to install a malicious Firefox extension.

WiFi

According to another attack scenario, the attacker could target vulnerable WiFi routers. The attackers could utilize exploits to breach uninformed routers and then to violate the internal network of a company and force employees to repeat authentication on Phishing pages.

The security researcher published proof-of-concept code which could be used to carry out such attacks.

According to ZDNet, Mozilla has been aware of the Firefox bug since the summer. Now, the company has fixed the vulnerability in Firefοx 79. However, many users run older versions. It is worth noting that only Firefox for Android is affected. Firefox for desktop versions is not affected by the error.

Mozilla recommends that its users upgrade to the latest version of Firefox for Android, to be safe.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

Android: How to see which apps have access to your site

It's no secret that smartphone apps have access to many permissions - if you let them. It is important to make sure ...

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....

Wikipedia vs Big tech: Who fights misinformation?

As Election Day turned into US Election Week, Facebook, Twitter and YouTube were trying to prevent ...
00:02:36

Tesla: It is called to recall cars due to problematic screens

The touch screen in some Tesla cars seems to have a problem, which could ...

Ransomware is responsible for half of all data breaches in hospitals

Almost half of the data breaches committed in hospitals and the wider healthcare sector are due to ransomware attacks, ...

Astronomers have just found the oldest oversized black hole

A quasar was discovered in a dark corner of space - over 13,03 billion light-years away - and contains a ...

What are the best and most affordable 5G phones for 2021

The market will soon be flooded with mid-range 5G devices. Everything that happens will be really exciting: you will be able to ...

Verified Twitter accounts in a cryptocurrency scam with the name of Elon Musk violated!

Lately, hackers have been violating verified Twitter accounts in a cryptocurrency giveaway scam, in which the name of the CEO is used ...

Classiscam: Fraudsters "fake" brands and deceive users of European markets!

Dozens of criminal gangs publish fake ads in popular online markets, to attract unsuspecting users to "fraudulent" commercial sites or phishing ...

iOS 14.4: Displays a notification for repairs with non-genuine cameras

Starting with the iPhone 11, Apple has added a notification to iOS that tells the user when the device has a ...