Web
Android
Vulnerability
Threat Guidances
September 24, 2020

Firefox for Android Vulnerabilities

Lookout Coverage and Recommendation for Admins

Without Lookout on the device, there’s no way for a targeted individual to know this attack is taking place. Whether the attacker is trying to deliver a phishing link or install malware, Lookout will detect and protect against both types of malicious activity.

Lookout will detect outdated versions of the Android Firefox app as part of its default policy that alerts a user if an app on their device has an exploitable vulnerability. The admin can then customize the policy to set a risk level and response that align with their organization’s security policies.

Overview

A vulnerability in the Android version of the Firefox mobile app was recently discovered by an independent researcher. For Firefox v68.11.0 and below, there is a vulnerability in the Wi-Fi protocols that could allow an attacker to trigger actions on a victim’s device if the two are connected to the same Wi-Fi network.

By exploiting this vulnerability, the attacker can trigger the device to perform unauthorized functions. Some of these functions require no action by the end user, such as redirecting the Firefox browser to a phishing site. If the attacker wants to convince the target to download a malicious app, they can have the device prompt the user to do so. To create greater impact, the attacker could make this part of a larger exploit chain by using it in combination with other device or app vulnerabilities that the victim is subject to.

Lookout Analysis

In order for this attack to be successful, the target device must have a vulnerable version of the Firefox app installed and be connected to the same Wi-Fi network as the attacker. Since this vulnerability is cause by a lack of input validation for SSDP (Simple Service Delivery Protocol), the threat actor can send a crafted SSDP message to the target device to carry out the attack. Until something executes on the device and a there’s a notification on the target’s device, they wouldn’t know this was all happening.

Authors

Lookout

Endpoint Security
Platform(s) Affected
Web
Platform(s) Affected
Android
Threat Type
Vulnerability
Entry Type
Threat Guidances
Platform(s) Affected
Web
Android
Vulnerability
Threat Guidances

Related Content

CVE-2025-31200-31201 Update

CISA recently added guidance to CVE-2025-31200, a memory corruption issue, and CVE-2025-31201, an arbitrary read and write issue.

Read Threat Article

CVE-2025-24201 on iOS

CISA recently provided guidance for CVE-2025-24201, an out-of-bounds write issue in WebKit. There has been evidence of active exploitation of this CVE.

Read Threat Article

Lookout Discovers New Spyware by North Korean APT37

Lookout researchers have discovered a novel Android surveillance tool dubbed KoSpy. It is attributed to APT 37 aka ScarCruft.

Read Threat Article

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell