Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




More information
  1. Tools 4 Hack
  2. Nsa Hacker Tools
  3. Pentest Tools Tcp Port Scanner
  4. World No 1 Hacker Software
  5. Nsa Hacker Tools
  6. Termux Hacking Tools 2019
  7. Hacker Tools Windows
  8. Best Hacking Tools 2020
  9. Hacker Tools List
  10. Hacking Tools For Kali Linux
  11. Hacking Tools For Kali Linux
  12. How To Make Hacking Tools
  13. Hacking Tools For Games
  14. Hacking Tools Windows 10
  15. Hacker Hardware Tools
  16. Pentest Tools Open Source
  17. Hackrf Tools
  18. Hack Tool Apk
  19. Hacking Apps
  20. Free Pentest Tools For Windows
  21. Nsa Hack Tools Download
  22. Hacking Tools Online
  23. Hacking Tools For Games
  24. How To Make Hacking Tools
  25. Pentest Tools For Ubuntu
  26. Hack And Tools
  27. Hack Tools Download
  28. Android Hack Tools Github
  29. Hacker Security Tools
  30. Hacker Tools For Windows
  31. What Is Hacking Tools
  32. Hacker Tools Online
  33. Hacker Tools For Windows
  34. Hacking Tools 2020
  35. Kik Hack Tools
  36. Hack Tools 2019
  37. Hacker Tools 2019
  38. Pentest Tools Find Subdomains
  39. Pentest Reporting Tools
  40. Hacking Tools Software
  41. How To Make Hacking Tools
  42. Hack Tools Download
  43. Tools 4 Hack
  44. Hacker Tools For Mac
  45. Hak5 Tools
  46. Hacker
  47. Hack Tools For Windows
  48. Pentest Tools Nmap
  49. Pentest Tools For Windows
  50. Hack Tools Download
  51. Hacking Tools Free Download
  52. Pentest Tools Open Source
  53. Tools For Hacker
  54. Pentest Tools Kali Linux
  55. Hacker Search Tools
  56. Pentest Tools For Android
  57. Hacker Tools Software
  58. Blackhat Hacker Tools
  59. Hacking Tools For Pc
  60. Hacks And Tools
  61. Hack And Tools
  62. Hacking Tools Kit
  63. Pentest Tools Kali Linux
  64. Hacking Tools And Software
  65. New Hack Tools
  66. Pentest Tools Alternative
  67. Hacking Tools Name
  68. Hacking Tools
  69. Hacker Hardware Tools
  70. What Is Hacking Tools
  71. Hackers Toolbox
  72. Hacker Tools Github
  73. Underground Hacker Sites
  74. Pentest Tools Website
  75. Hacker Tool Kit
  76. Hacking Tools Name
  77. Hacking Tools Download
  78. Easy Hack Tools
  79. Hack Tool Apk
  80. Easy Hack Tools
  81. Pentest Automation Tools
  82. Hack Tools For Mac
  83. Hacker Tools Apk
  84. Pentest Tools Kali Linux
  85. Beginner Hacker Tools
  86. Hacking Tools For Kali Linux
  87. Hacker Tools
  88. Best Hacking Tools 2019
  89. Pentest Tools For Android
  90. Hacker
  91. Hacker Tools Software
  92. Hacking Tools For Windows Free Download
  93. Hackrf Tools
  94. Pentest Tools Url Fuzzer
  95. Pentest Tools
  96. Hacker Tools Online
  97. Underground Hacker Sites
  98. Pentest Reporting Tools
  99. Hack Apps
  100. Hackers Toolbox
  101. Usb Pentest Tools
  102. Hacker Tools Hardware
  103. Hackrf Tools
  104. Hacker Tools 2020
  105. Hack Tools
  106. New Hack Tools
  107. Pentest Tools For Ubuntu
  108. Hack Tools Online
  109. Pentest Tools For Ubuntu
  110. Hacker Tools Github
  111. World No 1 Hacker Software
  112. Hacker Tools Apk
  113. Hacker Tools Linux
  114. Underground Hacker Sites
  115. Pentest Tools List
  116. Pentest Tools Github
  117. Blackhat Hacker Tools
  118. Hacker Tools
  119. Hackrf Tools
  120. Hacking Tools Hardware
  121. Hacking Tools For Kali Linux

Comments

Post a Comment

Popular Posts