"Firefox for Android Bug Allows ‘Epic Rick-Rolling’"

Researchers have found a vulnerability in Firefox for Android that would allow an adversary to launch websites on a victim's phone, with no user interaction.  For the adversary to exploit the bug, the attacker would need to be attached to the same Wi-FI network as the target.  An adversary could launch a phishing page, or launch a direct link to an .XPI file, prompting for immediate installation of a malicious extension to compromise the browser itself. The bug could also be used by the adversary to encourage the user to install a malicious package.

Threatpost reports: "Firefox for Android Bug Allows ‘Epic Rick-Rolling’"