The bug was found in version 68 of Firefox for Android by researcher Chris Moberly. Mozilla has confirmed that the latest Firefox Fenix (starting with version 79) is not impacted: the Android version of Firefox jumped from 68 to 79 when Fenix replaced the Fennec version.

The flaw is related to Firefox regularly sending out SSDP discovery messages in search of second-screen devices it can cast to, according to Moberly. Any device connected to the same local area network (LAN) can see these messages. An attacker connected to the same Wi-Fi network as the targeted user may set up a malicious SSDP server that responds with specially crafted messages which trigger Firefox to open an arbitrary website. This is possible because the messages Firefox sends are looking for an XML file that defines a Universal Plug and Play (UPnP) device it can cast to, but the attacker's server instead answers with a message pointing to an Android intent URI, which Firefox then invokes.

The weakness is similar to RCE (remote command execution) in that a remote attacker (on the same WiFi network) can cause the device to perform unauthorized functions with zero interaction from the end user. This execution, however, is not entirely arbitrary, in that only predefined application intents can be called, Moberly explained.

He said, "Had it been used in the wild, it might have exploited known-vulnerable intents in other applications." Or it may have been used in a way similar to phishing attacks, where a malicious website is pushed onto the victim without their knowledge in the hope that they enter personal data or decide to install a malicious program.
The PoC exploit will link directly to the .xpi file, causing a malicious extension to be enabled immediately in order to compromise the browser itself.
Technical details and a proof-of-concept (PoC) exploit were published by Moberly. ESET researcher Lukas Stefanko confirmed that the exploit works and posted a video showing how a hacker can simultaneously open arbitrary websites on three phones.

"I tested this PoC exploit on 3 devices on the same WLAN, it worked reasonably well. I was able to open a custom URL on every smartphone using vulnerable Firefox (68.11.0 and below) found by @init_string https://t.co/c7EbEaZ6Yx pic.twitter.com/lbQA4qPehq" — Lukas Stefanko (@LukasStefanko) September 18, 2020
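The trust problem described above is that the LOCATION value in an SSDP reply was acted on without checking that it is an HTTP URL for a device description. The following is an added example, not Mozilla's fix and not code from Moberly's write-up: a Python check a client or a LAN monitor could run on each SSDP response. The function names, the "host must equal the datagram sender" policy and both sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # a UPnP device description is fetched over HTTP

def parse_ssdp_response(raw):
    """Parse an SSDP (HTTP-over-UDP) reply into a dict of upper-cased header names."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP 200 response")
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def check_location(raw, sender_ip):
    """Return (ok, reason). Assumed policy: LOCATION must be an http(s) URL whose
    host is an IP literal equal to the address the datagram came from."""
    try:
        headers = parse_ssdp_response(raw)
        url = urlsplit(headers.get("LOCATION", ""))
    except ValueError as exc:
        return False, f"malformed response: {exc}"
    if url.scheme not in ALLOWED_SCHEMES:
        return False, f"LOCATION scheme {url.scheme!r} is not http(s)"
    try:
        host = ipaddress.ip_address(url.hostname or "")
    except ValueError:
        return False, "LOCATION host is not an IP literal"
    if host != ipaddress.ip_address(sender_ip):
        return False, "LOCATION host differs from datagram sender"
    return True, "ok"

# Constructed sample datagrams (not captured traffic).
BENIGN = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
          b"ST: urn:dial-multiscreen-org:service:dial:1\r\n"
          b"LOCATION: http://192.168.1.50:8060/dd.xml\r\n\r\n")
SUSPICIOUS = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
              b"ST: urn:dial-multiscreen-org:service:dial:1\r\n"
              b"LOCATION: intent://constructed.example/#Intent;end\r\n\r\n")

if __name__ == "__main__":
    for name, pkt, src in (("benign", BENIGN, "192.168.1.50"),
                           ("suspicious", SUSPICIOUS, "192.168.1.66")):
        print(name, check_location(pkt, src))
```

The same check works as a detection rule: any SSDP reply on the LAN whose LOCATION is not an http(s) URL on the sender's own address is worth an alert.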