User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0
Firefox for Android
Steps to reproduce:
- Download Firefox 69.0 or even older versions
- Go to https://browserleaks.com/webrtc
A cleanly downloaded Firefox feeds the internal IP address of your machine on the internal network to the WAN, in plain text readable on the web.
Clearly, the internal IP address should not be made available by default for crackers or anyone with malicious intent to have information about your internal network domain.
The culprit is WebRTC, which is ON by default in Firefox!!
To fix this firefox should be shipped with
It currently ships
By knowingly ignoring this flaw, users can be hacked, consciously aided by Firefox developers.
I picked this up looking for packets with my internal address on the WAN using Snort etc.
I mean really, we have known about this vulnerability since 2015!!
Why doesn't Firefox fix it, or at least turn WebRTC off by default, so that only those wanting to use it can switch it on with knowledge of the dangers!!!??
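
An added example, not part of the original report and not Firefox code: WebRTC advertises addresses in the `a=candidate` lines of its SDP, so a tester can audit a captured SDP blob for candidates that carry an internal address. The function names and the sample SDP are constructed for illustration.

```javascript
// Added example: sample data below is constructed, names are hypothetical.
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return 'mdns'; // obfuscated hostname, no IP revealed
  const m = a.match(/^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/);
  if (m) {
    const o1 = Number(m[1]), o2 = Number(m[2]);
    if (o1 === 10) return 'private';                          // 10.0.0.0/8
    if (o1 === 172 && o2 >= 16 && o2 <= 31) return 'private'; // 172.16.0.0/12
    if (o1 === 192 && o2 === 168) return 'private';           // 192.168.0.0/16
    if (o1 === 169 && o2 === 254) return 'link-local';        // 169.254.0.0/16
    if (o1 === 127) return 'loopback';
    return 'public';
  }
  if (a.includes(':')) {
    if (a === '::1') return 'loopback';
    if (/^f[cd][0-9a-f]{2}:/.test(a)) return 'private';       // fc00::/7 unique local
    if (/^fe[89ab][0-9a-f]:/.test(a)) return 'link-local';    // fe80::/10
    return 'public';
  }
  return 'unknown';
}

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <addr> rport <port>]
function auditSdp(sdp) {
  const internal = (s) => s === 'private' || s === 'link-local';
  const findings = [];
  for (const raw of sdp.split(/\r?\n/)) {
    const line = raw.trim().replace(/^a=/, '');
    if (!line.startsWith('candidate:')) continue;
    const f = line.split(/\s+/);
    if (f.length < 8 || f[6] !== 'typ') continue; // malformed line, skip
    const related = f[8] === 'raddr' && f[9] ? f[9] : null;
    const scope = classifyAddress(f[4]);
    const relatedScope = related ? classifyAddress(related) : null;
    findings.push({ address: f[4], type: f[7], scope, related,
      exposesInternal: internal(scope) || internal(relatedScope) });
  }
  return findings;
}

const SAMPLE_SDP = [ // constructed sample, not captured traffic
  'v=0',
  'a=candidate:0 1 UDP 2122252543 192.168.1.23 50123 typ host',
  'a=candidate:1 1 UDP 2122187007 3f2a9c1e-7b44-4d0e-9a51-0c6d2e8f1a77.local 50124 typ host',
  'a=candidate:2 1 UDP 1686052863 203.0.113.7 50123 typ srflx raddr 192.168.1.23 rport 50123',
  'a=candidate:3 1 UDP 2122252543 fd12:3456:789a::1 50125 typ host',
].join('\r\n');
console.log(auditSdp(SAMPLE_SDP));
```

The third sample line shows why the related address (`raddr`) is checked as well: a server-reflexive candidate with a public address can still carry the internal one.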