Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

Continue reading

1. Nsa Hack Tools
2. Hack Tools 2019
3. Hacking Tools For Games
4. Hack Tools For Pc
5. Hacker Tools Free
6. Pentest Tools Framework
7. Hacker
8. World No 1 Hacker Software
9. Hacker Tools Mac
10. Hack Tools For Games
11. Hack Tools For Mac
12. Hacking Tools Software
13. Top Pentest Tools
14. Hacking Tools Software
15. Hacking Tools Free Download
16. Hacking Tools Windows
17. Hacker Tools Apk
18. Pentest Tools For Android
19. Hacker Tools Linux
20. Pentest Tools For Mac
21. Hacker Tools For Ios
22. Hacking Tools Online
23. Pentest Tools Review
24. Hacker Tools Free Download
25. Pentest Tools Android
26. Usb Pentest Tools
27. Computer Hacker
28. Hacker Tools Software
29. Usb Pentest Tools
30. Hacker Tools Mac
31. Pentest Tools Tcp Port Scanner
32. Pentest Tools Alternative
33. Hacking Tools Software
34. Hacking Tools Windows
35. Pentest Tools Online
36. Hacking Tools For Windows Free Download
37. Hacking Tools For Games
38. Pentest Tools Subdomain
39. Pentest Reporting Tools
40. Pentest Tools Find Subdomains
41. Hack Tools Github
42. Tools For Hacker
43. Hacking Tools Hardware
44. Hacker Tools For Ios
45. Hacking Tools For Windows
46. Pentest Tools Windows
47. Pentest Tools Website
48. Pentest Tools Framework
49. Pentest Tools For Ubuntu
50. Hacking Tools And Software
51. Hack Tools Download
52. Hacker Search Tools
53. Install Pentest Tools Ubuntu
54. Hacking Tools For Windows
55. Hack App
56. Pentest Tools Kali Linux
57. Bluetooth Hacking Tools Kali
58. Wifi Hacker Tools For Windows
59. Pentest Reporting Tools
60. Hacking App
61. Pentest Tools List
62. Hack App
63. Pentest Box Tools Download
64. Pentest Automation Tools
65. Pentest Tools Bluekeep
66. Hack Tools For Games
67. Hacking Tools
68. Ethical Hacker Tools
69. Android Hack Tools Github
70. Hack Tools

Jangan Lupa di Share yaaa... !!!! Klik tombol dibawah ini