Firefox bug lets you hijack nearby mobile browsers via WiFi
Credit:
ZDNet
Mozilla has fixed a bug that can be abused to hijack all the Firefox for Android browsers on the same WiFi network and force users to access malicious sites, such as phishing pages.
The bug was discovered by Chris Moberly, an Australian security researcher working for GitLab.
The actual vulnerability resides in the Firefox SSDP component. SSDP stands for Simple Service Discovery Protocol and is the mechanism through which Firefox finds other devices on the same network in order to share or receive content (i.e., such as sharing video streams with a Roku device). When devices are found, the Firefox SSDP component gets the location of an XML file where that device's configuration is stored.