Date: 2023-09-20
This Dangerous Firefox Glitch Can Let Hackers into Your Entire Network

posted by martyb on Thursday September 24, @01:48AM
from the Max-Headroom-approved dept.
Security

Fnord666 writes:

This dangerous Firefox glitch can let hackers into your entire network:

Cyberattacks rarely stay in one place. A bad enough exploit can cause a chain reaction that harms one computer after another like falling dominoes. And that's exactly what's at stake with a new glitch discovered in Mozilla Firefox that can put your entire network at risk.

Exploitation of LAN vulnerability found in Firefox for Android

I tested this PoC exploit on 3 devices on same wifi, it worked pretty well.
I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below) found by @init_string https://t.co/c7EbEaZ6Yx pic.twitter.com/lbQA4qPehq

— Lukas Stefanko (@LukasStefanko) September 18, 2020

The bug was discovered by Australian security researcher Chris Moberly, who found the issue within Firefox's SSDP system. SSDP is used by Firefox to detect other devices on the same network like streaming boxes and external speakers.

But Moberly found something dangerously wrong with SSDP: The system document that stores records of connected devices can be hijacked to execute a command. In a nutshell, this means a hacker could send out malicious files and hijack any device on the same Wi-Fi network. It would be just as easy (and urgent) as opening a link in your browser.

The consequences of this bug are huge, and this is another reason why it's never a good idea to use public Wi-Fi.



  • (Score: 3, Insightful) by SomeGuy on Thursday September 24, @01:57AM (1 child)

    by SomeGuy (5632) on Thursday September 24, @01:57AM (#1055934)

    SSDP is used by Firefox to detect other devices on the same network like streaming boxes and external speakers.

    A web browser needs to do this because... why?

    I know, I know, I remember the day common sense in browser design went out the window. It was a very long time ago.

    • (Score: 0) by Anonymous Coward on Thursday September 24, @03:04AM

      by Anonymous Coward on Thursday September 24, @03:04AM (#1055971)

      leik omg i want my chromecast to just work i quit

  • (Score: 0) by Anonymous Coward on Thursday September 24, @02:04AM

    by Anonymous Coward on Thursday September 24, @02:04AM (#1055943)

    I still use Firefox 2.57.

  • (Score: 0) by HammeredGlass on Thursday September 24, @02:54AM

    by HammeredGlass (12241) on Thursday September 24, @02:54AM (#1055966)

    Pretty dirty to leak this bug to force people like me who don't want the crap coming down the pipe from those who care more about everything but a working browser.

