Australian cybersecurity expert Chris Moberly of GitLab discovered a dangerous bug in the Firefox for Android browser (desktop versions were not affected by the problem). Essentially, this bug was used to force users on the same Wi-Fi network to access malicious sites (provided the victims had Firefox installed).
The vulnerability was related to the operation of the Firefox SSDP (Simple Service Discovery Protocol) component. With this mechanism, Firefox detects other devices on the same network and can share content with them. So, if other devices are found nearby, Firefox SSDP gets access to the XML file in which the configuration of the “neighboring” device is stored.
Moberly discovered that intent commands could be hidden in this XML file, and older versions of Firefox would eventually execute an intent command that could, for example, direct the browser to a link.
Thus, a hacker can walk into a public place (for example, an airport or a shopping mall), connect to a local Wi-Fi network, and then run a script that will send modified SSDP packets to the network. Any Android device owner who used the Firefox browser during this attack could end up at a malicious site or be forced to install a malicious Firefox extension.
Another example of exploiting the bug: an attacker can attack vulnerable Wi-Fi routers, and then spam the company's internal network, eventually forcing employees to re-authenticate on phishing pages.
A demonstration of the attack in practice can be seen below: the problem was exploited by Moberly himself and ESET expert Lukas Stefanko.
– initstring (@init_string) September 15, 2020
Exploitation of LAN vulnerability found in Firefox for Android
I tested this PoC exploit on 3 devices on same wifi, it worked pretty well.
I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below) found by @init_string https://t.co/c7EbEaZ6Yx pic.twitter.com/lbQA4qPehq
– Lukas Stefanko (@LukasStefanko) September 18, 2020
Mozilla has fixed this bug in Firefox 79 and is now advising users to update their browser as soon as possible.
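The bug described above comes down to acting on data from an unauthenticated discovery protocol. The following Python example is added here for illustration and is not Mozilla's code or part of the original report: it treats an SSDP response and the device XML as untrusted and accepts only http/https URLs from them. The sample response and XML are constructed, and limiting the scan to URL-named UPnP elements is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_XML_BYTES = 64 * 1024  # assumption: device descriptions are small

def ssdp_location(response: str):
    """Return the LOCATION header value of an SSDP response, or None."""
    for line in response.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def is_safe_url(value: str) -> bool:
    """Accept only absolute http/https URLs; anything else is never acted on."""
    parts = urlsplit(value)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)

def suspicious_fields(xml_text: str):
    """List (tag, value) for URL-named elements using a non-allowlisted scheme."""
    if len(xml_text.encode()) > MAX_XML_BYTES or "<!DOCTYPE" in xml_text.upper():
        raise ValueError("refusing oversized or DTD-bearing description")
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.split("}")[-1]  # drop the XML namespace
        value = (elem.text or "").strip()
        scheme = urlsplit(value).scheme.lower()
        # Relative paths have no scheme and are left alone.
        if "url" in tag.lower() and scheme and scheme not in ALLOWED_SCHEMES:
            findings.append((tag, value))
    return findings

# Constructed sample data (documentation address range, placeholder host).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "ST: upnp:rootdevice\r\n"
    "LOCATION: http://192.0.2.10:8060/dd.xml\r\n\r\n"
)
SAMPLE_XML = """<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <friendlyName>Living room TV</friendlyName>
    <presentationURL>intent://example.invalid/#Intent;end</presentationURL>
    <serviceList><service><controlURL>/upnp/control</controlURL></service></serviceList>
  </device>
</root>"""

if __name__ == "__main__":
    print(ssdp_location(SAMPLE_RESPONSE), suspicious_fields(SAMPLE_XML))
```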