In Firefox for Android
The problem manifests itself until the release
For vulnerability testing
Firefox for Android periodically broadcasts (multicast UDP) SSDP messages to detect broadcast devices present on the local network, such as media players and smart TVs. All devices on the local network receive these messages and are able to send a response. In normal mode, the device returns a link to the location of the XML file with information about the device that supports UPnP. When conducting an attack, instead of a reference to XML, you can pass a URI with intent commands for Android.
Using intent commands, you can redirect the user to phishing sites or send a link to an xpi file (the browser will prompt you to install the add-on). Since the attacker's responses are not limited in any way, he may try to starve and flood the browser with installation suggestions or malicious sites in the hope that the user will make a mistake and click on the installation of a malicious package. In addition to opening arbitrary links in the browser itself, intent commands can be used to process content in other Android applications, for example, you can open a letter template in an email client (URI mailto:) or launch an interface to make a call (URI tel:).
Source: opennet.ru