According to exploit researcher Chris Moberly, the exploit he found is a way to trick Firefox on Android into running applications. The simple service discovery protocol (SSDP) engine in Firefox can be sent payloads which trick it into running Android intent URIs. Android intent URIs are “messages which request actions from another app component,” according to the developer site for Android. Intents can be used to download files, send messages, or take pictures.
The exploit Moberly found does not require anything from the victim aside from them just being on the same Wi-Fi network as the attacker. Technically speaking, vulnerable versions of Firefox send out SSDP discovery messages to which an attacker can reply. The reply can come in the form of a SSDP server that sends an Android Intent URI which Firefox would then run. These intents are limited to “predefined application intents,” however it can be used to escalate to other apps and increase attacker privileges.
Thankfully, Moberly is a white hat kind of guy, and he worked with Mozilla on the issue. The vulnerability was found when a mass update was rolling out, so he was able to step in and help get it fixed before full launch. As he states, “I reported the issue directly to Mozilla, just to be safe. They responded right away and were quite pleasant to work with, providing some good info on where exactly this bug came from.”
Although this could be a dangerous exploit, his idea of fun is interesting, as he writes that “As a final thought, this most definitely could have been an epic rick roll, where everyone in the room running Firefox tried to figure out what the heck was going on.” The exploit has since been squashed for new versions of Firefox, so make sure you have the latest update and be careful of what open Wi-Fi networks that you frequent. You do not know if an attacker is “never gonna give you up.”