Friday, January 19, 2024

Security Surprises On Firefox Quantum

This morning I found a scary surprise in my Firefox Quantum. It happened to be connected to a proxy when an unexpected connection came up: the browser was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things:

1) the owner of that site might spread malware, infecting many, many people.
2) the ISP might also do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted; I think it is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware or spyware massively, or an attack vector for a MITM attacker.
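The concern above is a library fetched over plain HTTP and loaded without an integrity check. The following is an added example, not code from the original post or from Firefox: it shows the check a client would apply before loading such an archive, assuming a SHA-512 digest pinned over an authenticated channel. The function names and the sample archive are constructed for illustration.

```python
import hashlib
import hmac
import io
import zipfile

# Member names come from the post; any other archive layout is rejected.
EXPECTED_MEMBERS = {"libgmpopenh264.so", "gmpopenh264.info"}
ELF_MAGIC = b"\x7fELF"

class IntegrityError(Exception):
    """The archive must not be unpacked or loaded."""

def parse_info(text):
    """Parse the 'Key: value' lines of gmpopenh264.info into a dict."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def verify_plugin_zip(zip_bytes, pinned_sha512_hex):
    """Check the digest first, then the contents; return the info fields."""
    actual = hashlib.sha512(zip_bytes).hexdigest()
    # Assumption: the pinned digest arrived over an authenticated channel,
    # not next to the plain-HTTP download it is meant to protect.
    if not hmac.compare_digest(actual, pinned_sha512_hex.lower()):
        raise IntegrityError("digest mismatch, archive was altered")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        if names != EXPECTED_MEMBERS:
            raise IntegrityError(f"unexpected layout: {sorted(names)}")
        if zf.read("libgmpopenh264.so")[:4] != ELF_MAGIC:
            raise IntegrityError("library is not an ELF file")
        return parse_info(zf.read("gmpopenh264.info").decode("utf-8"))

def build_sample_zip(lib_bytes, extra=None):
    """Constructed sample archive (not the real plugin) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("libgmpopenh264.so", lib_bytes)
        zf.writestr("gmpopenh264.info", "Name: gmpopenh264\nVersion: 1.6.0\n")
        if extra:
            zf.writestr(extra, b"x")
    return buf.getvalue()

if __name__ == "__main__":
    good = build_sample_zip(ELF_MAGIC + b"\x00" * 12)
    pinned = hashlib.sha512(good).hexdigest()
    print(verify_plugin_zip(good, pinned))
```

The digest is checked before the archive is opened, so a modified download is rejected without parsing any attacker-controlled ZIP structure.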



