Security researcher Lukas Stefanko tweeted an alert demonstrating the exploitation of a high-risk remote command execution vulnerability affecting the Firefox app for Android. The vulnerability resides in the SSDP engine of the browser that can be exploited by an attacker to target Android smartphones connected to the same Wi-Fi network as the attacker, with Firefox app installed. An attacker can run a malicious SSDP server on his/her device and trigger intent-based commands on nearby Android devices through Firefox without requiring any interaction from the victims.
Source: https://thehackernews.com/2020/09/firefox-android-wifi-hacking.html