![]() ![]() The process is very easy, the team members are smart and friendly, and it’s a good way to support a project that has helped shape the way we use the web.Īs long as you have app updates enabled and have recently connected to WiFi, you should have received the new version and are safe from exploitation. ![]() If you find a Firefox bug, I definitely recommend sending it straight to them. They were able to confirm that the vulnerable functionality was not included in the newest version and opened some issues to ensure that the offending code was not re-introduced at a later time. They responded right away and were quite pleasant to work with, providing some good info on where exactly this bug came from. I reported the issue directly to Mozilla, just to be safe. Google Play Store was still serving a vulnerable version at this time, but only for a short period. I discovered this bug while the newest version of Firefox Mobile v79 was being rolled out globally. They can simply be sipping coffee while on a cafe’s WiFi, and their device will start launching application URIs under the attacker’s control. No attacker-in-the-middle or malicious app installation is required. They do not need to access any malicious websites or click any malicious links. The target simply has to have the Firefox application running on their phone. ![]() This attack can be leveraged by attackers on the same WiFi network and manifests as applications on the target device suddenly launching, without the users’ permission, and conducting activities allowed by the intent. The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android intent URIs with zero user interaction. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |