Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

Continue reading

1. Hacker Tools Hardware
2. What Are Hacking Tools
3. Hacking Tools Download
4. Hacker Tools For Mac
5. Hacker Search Tools
6. Pentest Tools Find Subdomains
7. Hacking App
8. Pentest Tools Linux
9. Hackrf Tools
10. Tools 4 Hack
11. Hak5 Tools
12. Pentest Tools Bluekeep
13. Pentest Tools Review
14. Hack Tool Apk No Root
15. Hacking Tools Mac
16. Hacker Tools For Ios
17. Beginner Hacker Tools
18. Hacker
19. Pentest Tools Tcp Port Scanner
20. Pentest Tools Alternative
21. Hacking Tools Hardware
22. Hacking Tools For Mac
23. Pentest Box Tools Download
24. How To Make Hacking Tools
25. Hacker Tools Online
26. Bluetooth Hacking Tools Kali
27. Hack Apps
28. Hacker Security Tools
29. What Is Hacking Tools
30. Hacking Tools
31. Hacking Tools For Mac
32. Hacking Tools For Windows Free Download
33. Hacking Tools 2020
34. Pentest Tools Find Subdomains
35. How To Make Hacking Tools
36. Pentest Tools Download
37. Hacker Tools Free
38. Hack Tools 2019
39. Hacker Tools
40. Pentest Reporting Tools
41. Hacker Tools Windows
42. Hack Tools Github
43. What Are Hacking Tools
44. Hacking Tools Mac
45. Hack Tools For Ubuntu
46. Hack Tools For Pc
47. How To Hack
48. Hacking Tools Download
49. Hacker Tools Hardware
50. Hacking Tools For Windows Free Download
51. Pentest Tools For Mac
52. How To Hack
53. Hacking Tools For Mac
54. Hacking Tools For Games
55. Kik Hack Tools
56. Pentest Tools For Windows
57. Hacker Tools For Mac
58. Pentest Tools Website Vulnerability
59. Termux Hacking Tools 2019
60. Beginner Hacker Tools
61. Pentest Recon Tools
62. Hacking Tools For Windows Free Download
63. Nsa Hacker Tools
64. Pentest Tools Bluekeep
65. Pentest Tools Subdomain
66. Hack Tools For Ubuntu
67. Hacker Tool Kit
68. Black Hat Hacker Tools
69. Best Hacking Tools 2019
70. Hacker Tools 2019
71. Hacker Tools 2019
72. Easy Hack Tools
73. Hack Tools
74. Pentest Tools For Android
75. Pentest Recon Tools
76. Hacking Tools For Beginners
77. Free Pentest Tools For Windows
78. Hack Tools For Games
79. Hacker Tools For Windows
80. Hack Tools Github
81. Hacker Tool Kit
82. Hacking Tools For Pc
83. What Is Hacking Tools
84. Hack Tools
85. Pentest Tools Nmap
86. Pentest Tools Bluekeep
87. Hack Tool Apk
88. Pentest Tools Open Source
89. Android Hack Tools Github
90. Hacking Apps
91. Hacker Security Tools
92. Hacker Tool Kit
93. Hack Tools 2019
94. Pentest Tools Subdomain
95. Hacking Tools For Windows Free Download
96. Best Pentesting Tools 2018
97. Hacking Tools Free Download
98. What Are Hacking Tools
99. Hacker Tools Online
100. Tools For Hacker
101. Hacker Tools For Mac
102. Pentest Tools Website Vulnerability
103. Hacking Tools Pc
104. Hacker Tools Software
105. Pentest Tools List
106. Pentest Tools Free
107. Tools 4 Hack
108. Beginner Hacker Tools
109. Hacking Tools Usb