"Firefox for Android Bug Allows ‘Epic Rick-Rolling’"
Researchers have found a vulnerability in Firefox for Android that would allow an adversary to launch websites on a victim's phone, with no user interaction. For the adversary to exploit the bug, the attacker would need to be attached to the same Wi-FI network as the target. An adversary could launch a phishing page, or launch a direct link to an .XPI file, prompting for immediate installation of a malicious extension to compromise the browser itself. The bug could also be used by the adversary to encourage the user to install a malicious package.
Threatpost reports: "Firefox for Android Bug Allows ‘Epic Rick-Rolling’"
Submitted by Anonymous
on