Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

Read more

• Hacking Tools And Software
• Hacker Tools Github
• Hacking Tools Mac
• Hacker Tools For Windows
• Pentest Tools Android
• Pentest Tools Website Vulnerability
• Hacker
• Pentest Tools Nmap
• Pentest Tools Apk
• Hackrf Tools
• Hacking Tools For Windows
• Hacker Tools Windows
• Pentest Tools Find Subdomains
• Github Hacking Tools
• Hacking Tools For Windows Free Download
• Hacker Tools Github
• How To Hack
• Hack Tools For Pc
• Hacking App
• Pentest Tools Tcp Port Scanner
• Free Pentest Tools For Windows
• Hack And Tools
• Hacker Security Tools
• Nsa Hacker Tools
• Hacking Tools Windows 10
• Growth Hacker Tools
• Hacker Tool Kit
• Pentest Tools For Windows
• Hacking Tools For Kali Linux
• Hacking Tools Name
• Hacking Tools For Mac
• Hacking Apps
• Hacker Tools Apk
• Hacker Tools Apk Download
• Pentest Tools Alternative
• Pentest Tools Download
• Pentest Tools Apk
• Hacks And Tools
• Install Pentest Tools Ubuntu
• Pentest Tools Apk
• Hacker Tools For Pc
• Pentest Tools Review
• Usb Pentest Tools
• Pentest Tools Free
• Hack Tools
• Pentest Tools Windows
• Pentest Tools Review
• Hack Tools Pc
• Pentest Tools For Android
• New Hack Tools
• Github Hacking Tools
• How To Make Hacking Tools
• Hacking Apps
• New Hack Tools
• Hacking Tools And Software
• Pentest Tools Github
• Hacks And Tools
• Pentest Automation Tools
• Hacking Tools For Windows 7
• Underground Hacker Sites
• Hacker Tools For Ios
• Pentest Tools Framework
• Hacking Tools Mac
• Pentest Tools Alternative
• Hacking Tools Kit
• Beginner Hacker Tools
• Hacker Tools Linux
• Hack Tools Download
• Ethical Hacker Tools
• Hacker Tools Free
• Hacker Tools Software
• Hack Tools Pc
• Pentest Tools Linux
• Nsa Hack Tools Download
• Tools 4 Hack
• Hack Tools
• Hacker Tools For Ios
• Hacking App
• Tools For Hacker
• What Are Hacking Tools
• Pentest Tools Subdomain
• Hacker Tools For Pc
• Hacking Apps
• Pentest Tools Github
• Pentest Tools Alternative
• Hack Tools
• Hack Tools Github
• Hacker Tools For Mac
• Hacker
• Game Hacking
• What Are Hacking Tools
• Tools For Hacker
• Hacking Tools For Windows Free Download
• Pentest Tools Review
• Hacker Tools For Pc
• Hack App
• Tools For Hacker
• Hack Rom Tools
• Growth Hacker Tools
• Pentest Reporting Tools
• Hackrf Tools
• Pentest Tools Open Source
• Pentest Reporting Tools
• Hacking Tools For Mac
• Hack Tools Github
• Hacker Tools Online
• Hack Tools For Windows
• Hack Tools For Games
• Termux Hacking Tools 2019
• Growth Hacker Tools
• Hacking Tools Download
• Hacking Tools Mac
• Nsa Hacker Tools
• Hacker Tools Mac
• Hacking Tools Hardware
• Hacker Tools Mac