Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




Related articles


  1. Pentest Tools Port Scanner
  2. Hack Tools Mac
  3. Hacking Tools For Windows
  4. Hacks And Tools
  5. Free Pentest Tools For Windows
  6. Pentest Tools
  7. Black Hat Hacker Tools
  8. Hacking Tools For Windows 7
  9. Hacking Tools And Software
  10. Hackrf Tools
  11. Hackrf Tools
  12. Hacking Tools
  13. Pentest Tools For Ubuntu
  14. Hacker Tools For Pc
  15. Hak5 Tools
  16. Usb Pentest Tools
  17. Hack Tools Pc
  18. Hacker Techniques Tools And Incident Handling
  19. Pentest Tools For Mac
  20. Hacks And Tools
  21. Hacking Tools 2019
  22. Hacker Tools
  23. Pentest Tools Linux
  24. Hacking Tools For Mac
  25. Hack Tool Apk No Root
  26. Hacker Tools Github
  27. Hacker Tools Windows
  28. Ethical Hacker Tools
  29. Hacking Tools And Software
  30. Hack Tool Apk No Root
  31. Hacking Tools Usb
  32. Pentest Tools Url Fuzzer
  33. Pentest Tools Website Vulnerability
  34. Bluetooth Hacking Tools Kali
  35. What Is Hacking Tools
  36. Pentest Tools Nmap
  37. Hacking Tools For Windows Free Download
  38. Pentest Tools Online
  39. Hacker Tools Hardware
  40. Hack And Tools
  41. Hack Tools For Games
  42. Pentest Tools Alternative
  43. Pentest Tools Android
  44. New Hack Tools
  45. Pentest Tools Website Vulnerability
  46. Best Hacking Tools 2019
  47. Top Pentest Tools
  48. Pentest Tools Tcp Port Scanner
  49. Hacking Tools 2019
  50. Hacker Tools Apk
  51. Hacker Tools For Pc
  52. Pentest Tools For Ubuntu
  53. Hack Tools Download
  54. Hackers Toolbox
  55. Wifi Hacker Tools For Windows
  56. Best Hacking Tools 2019
  57. Hacker Tools For Windows
  58. Pentest Tools Download
  59. Hacker Tools Free Download
  60. Tools For Hacker
  61. Hacking App
  62. Bluetooth Hacking Tools Kali
  63. How To Make Hacking Tools
  64. Pentest Tools Nmap
  65. Pentest Tools Nmap
  66. Game Hacking
  67. Hacker Search Tools
  68. Hacker Tools For Ios
  69. Hacking Tools For Kali Linux
  70. Hacker Tool Kit
  71. Pentest Recon Tools
  72. Hacker Hardware Tools
  73. Hacking Tools Name
  74. Pentest Tools Bluekeep
  75. Pentest Tools Bluekeep
  76. Hacker Tools 2020
  77. Hack And Tools
  78. Hack Tools For Ubuntu
  79. Hacker Tools Apk
  80. Hacking Tools
  81. Hacker Tools Windows
  82. Hack Tools Github
  83. Pentest Tools Alternative
  84. Hacking Tools
  85. Pentest Tools Url Fuzzer
  86. Hack Tools For Windows
  87. Kik Hack Tools
  88. Game Hacking
  89. Hack Tools Download
  90. Hacks And Tools
  91. Hacker Tools Software
  92. Hacking Tools For Mac
  93. Install Pentest Tools Ubuntu
  94. Android Hack Tools Github
  95. Hacks And Tools
  96. Hacking App
  97. How To Hack
  98. Hack Tools 2019
  99. Pentest Tools Tcp Port Scanner
  100. Pentest Tools Open Source
  101. Github Hacking Tools
  102. Hacker Tools 2019
  103. Hacker Tool Kit
  104. Hacker Tools
  105. Hacking Tools Windows
  106. Best Hacking Tools 2020
  107. Hacking Tools For Windows 7
  108. Tools For Hacker
  109. Hacker
  110. Hacker Tool Kit
  111. Hacking Tools Windows
  112. Hacking Tools Free Download
  113. Pentest Tools Free
  114. Pentest Tools For Ubuntu
  115. Best Pentesting Tools 2018
  116. Hack Tools Github
  117. Hacker Tools Apk Download
  118. Pentest Tools Linux
  119. Hacking App
  120. Hacker Tool Kit
  121. Hacker Search Tools
  122. What Is Hacking Tools
  123. Hak5 Tools
  124. Pentest Tools For Mac
  125. Hacker Tools Apk
  126. Pentest Automation Tools
  127. Hacker Search Tools
  128. Hacker Tools Hardware
  129. Hacking Tools Windows
  130. Pentest Tools Download

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)