New-found vulnerability puts Android phones using Firefox browser at risk

If you’ve been using Firefox as the default browser on your Android device, you should probably stop and use a different one, at least temporarily. According to AndroidPolice, the browser has a major vulnerability that allows a website to force it to download files that could potentially be very damaging to the smartphone. The browser does all of this without the user’s consent, or even knowledge.

Not as secure as you would have hope

To take advantage of the exploit, a website simply has to instruct Firefox to automatically download a file, which the browser will automatically open or execute, depending on what type of file it is. This is mostly because Firefox automatically opens downloaded files according to whatever file associations have been registered in the system. The problem comes from the fact that users are not prompted before the file is opened.

More from News & Analysis

What is the US HIRE Bill and why is India’s $250-billion IT sector worried? Is the internet dead? What's this theory that OpenAI's Sam Altman says might be true?

One of the best ways to keep your phone secure in light of this is if you disable the Unknown Sources setting in your Security settings window. This will stop the phone from trying to install any APK file that hasn’t been downloaded from Google Play. More often than not, users leave the setting on even after they don’t need it anymore because of either development, or some apps like Amazon’s App Store requires it to be enabled.

It is also recommended that you start using an alternate browser immediately. Something like Chrome or Dolphin. If you like Firefox too much to let go, at least use an alternate browser till Mozilla releases an update that fixes the problem.