Hijacking nearby Firefox mobile browsers via WiFi by exploiting a bug


Mozilla addressed a bug that can be exploited by attackers to hijack all the Firefox for Android browsers that share the same WiFi network.

Mozilla has addressed a vulnerability that can be abused by attackers to hijack all the Firefox for Android browsers on the same WiFi network and force them to visit malicious sites, such as pages delivering malware and phishing pages.

The vulnerability resides in the implementation of the Simple Service Discovery Protocol (SSDP) in Firefox. SSDP is based on the Internet protocol suite and is used for advertisement and discovery of network services and presence information.

The flaw was discovered by security researcher Chris Moberly from GitLab.

Once a device is discovered, the Firefox SSDP component gets the location of an XML file that includes its configuration.

“The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android intent URIs with zero user interaction. This attack can be leveraged by attackers on the same WiFi network and manifests as applications on the target device suddenly launching, without the users’ permission, and conducting activities allowed by the intent.” wrote Moberly.

“The target simply has to have the Firefox application running on their phone. They do not need to access any malicious websites or click any malicious links. No attacker-in-the-middle or malicious app installation is required. They can simply be sipping coffee while on a cafe’s WiFi, and their device will start launching application URIs under the attacker’s control.”

Moberly discovered that in older versions of Firefox it is possible to hide Android “intent” commands in this XML, tricking the Firefox browser into executing the “intent.” The intent could be a regular command that instructs the browser to visit a specific link.

An attacker connecting to the WiFi network could launch a script on their laptop that sends out malformed SSDP packets.

Any Android user connected to the same WiFi network who is using Firefox to browse the web would have their browser hijacked and sent to a malicious site.

“Any device on the local network can respond to these broadcasts and provide a location to obtain detailed information on a UPnP device. Firefox will then attempt to access that location, expecting to find an XML file conforming to the UPnP specifications.” added the expert.

“This is where the vulnerability comes in. Instead of providing the location of an XML file describing a UPnP device, an attacker can run a malicious SSDP server that responds with a specially crafted message pointing to an Android intent URI. Then, that intent will be invoked by the Firefox application itself.”

Below is an example of a message that would force any Android phone on the local network with Firefox running to visit the http://example.com page:

HTTP/1.1 200 OK
CACHE-CONTROL: max-age=1800
DATE: Tue, 16 Oct 2018 20:17:12 GMT
EXT:
LOCATION: intent://example.com/#Intent;scheme=http;package=org.mozilla.firefox;end
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: uuid:7f7cc7e1-b631-86f0-ebb2-3f4504b58f5c
SERVER: UPnP/1.0
ST: roku:ecp
USN: uuid:7f7cc7e1-b631-86f0-ebb2-3f4504b58f5c::upnp:rootdevice
BOOTID.UPNP.ORG: 0
CONFIGID.UPNP.ORG: 1
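
The check that a response like the one above fails can be expressed as a small validator for SSDP monitoring or client-side hardening. This is an added example, not code from the article, Mozilla or Moberly's proof of concept; the function names, the sender address 192.168.1.20, the benign sample and the host-matches-sender heuristic are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # a UPnP device description is fetched over HTTP

# Constructed sample inputs: the first is the response quoted in the article
# (abridged); the second is a benign reply from a hypothetical device.
ARTICLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "CACHE-CONTROL: max-age=1800\r\n"
    "EXT:\r\n"
    "LOCATION: intent://example.com/#Intent;scheme=http;package=org.mozilla.firefox;end\r\n"
    "SERVER: UPnP/1.0\r\n"
    "ST: roku:ecp\r\n"
    "USN: uuid:7f7cc7e1-b631-86f0-ebb2-3f4504b58f5c::upnp:rootdevice\r\n"
    "\r\n"
)
BENIGN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "LOCATION: http://192.168.1.20:8060/\r\n"
    "ST: roku:ecp\r\n"
    "\r\n"
)

def parse_ssdp_headers(raw):
    """Return SSDP headers as a dict with upper-cased names (status line skipped)."""
    headers = {}
    for line in raw.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def check_location(raw, sender_ip):
    """Return a list of reasons to reject the response; empty means acceptable."""
    location = parse_ssdp_headers(raw).get("LOCATION")
    if not location:
        return ["missing LOCATION header"]
    url = urlsplit(location)
    problems = []
    if url.scheme.lower() not in ALLOWED_SCHEMES:
        problems.append(f"LOCATION scheme {url.scheme!r} is not http/https")
    # Heuristic (assumption): a device normally serves its own description.
    if url.hostname != sender_ip:
        problems.append(f"LOCATION host {url.hostname!r} differs from sender {sender_ip}")
    return problems

if __name__ == "__main__":
    for label, raw in (("article", ARTICLE_RESPONSE), ("benign", BENIGN_RESPONSE)):
        print(label, check_location(raw, "192.168.1.20") or "ok")
```

The scheme check alone rejects the article's message; the host comparison is a stricter, optional signal that can misfire for devices that legitimately host their description elsewhere.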

Moberly also published proof-of-concept code that could be used to exploit the bug, along with two video PoCs, by Moberly and by the popular ESET security researcher Lukas Stefanko.

Moberly reported the vulnerability to Mozilla earlier this summer; the company addressed the flaw with the release of Firefox 79.

The expert pointed out that desktop versions of Firefox were not impacted.


Pierluigi Paganini

(SecurityAffairs – hacking, Mozilla)
