The bug was found in Firefox SSDP component by Chris Moberly, an Australian security researcher working for GitLab, reports ZDNet.
The Simple Service Discovery Protocol (SSDP) is a simple protocol designed to solve the problem of service discovery over a local network.
"Any Android owner using a Firefox browser to navigate the web during this kind of attack would have his mobile browser hijacked and taken to a malicious site, or forced to install a malicious Firefox extension," the report mentioned.
The bug has been fixed in Firefox 79.
Mozilla said users should update as soon as possible to Firefox v79 for Android to remain safe.
Attackers could leverage exploits to take over outdated routers, and then spam a company's internal network and force employees to re-authenticate on phishing pages.
The new Firefox for Android now offers Enhanced Tracking Protection (ETP), providing a better web experience.
"The revamped browsing app comes with our highest privacy protections ever – on by default. ETP keeps numerous ad trackers at bay and out of the users' business," the company said last month.
The Enhanced Tracking Protection automatically blocks many known third-party trackers, by default, in order to improve user privacy online. Private Mode adds another layer for better privacy on device level, it added.