Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

Related posts

• Hacker Tools Apk
• Hacker Tools Windows
• Hacker Hardware Tools
• Growth Hacker Tools
• Bluetooth Hacking Tools Kali
• Hacking Tools Software
• Hacking Tools 2020
• Hacking Tools For Windows 7
• Hack Tools Mac
• Hacking Apps
• How To Install Pentest Tools In Ubuntu
• Growth Hacker Tools
• Hack Tools For Mac
• Hacking Tools And Software
• Hack Rom Tools
• Hack Tool Apk No Root
• Best Hacking Tools 2020
• Termux Hacking Tools 2019
• Hack Tools Download
• Hack Website Online Tool
• Hack Tools For Games
• Pentest Automation Tools
• Nsa Hack Tools
• Hacker Tools Linux
• Pentest Tools For Ubuntu
• Hacking Tools For Beginners
• Hacking Tools Usb
• Pentest Tools Review
• Black Hat Hacker Tools
• Hack Tools Mac
• Hacker Tools
• Game Hacking
• Hacking Tools Pc
• Easy Hack Tools
• Pentest Tools Windows
• Pentest Tools Website Vulnerability
• Pentest Recon Tools
• Hack And Tools
• Hacking Tools Mac
• Hacker Tools Linux
• Hacker Hardware Tools
• Pentest Recon Tools
• Pentest Tools Tcp Port Scanner
• Beginner Hacker Tools
• Hacker Tools Windows
• Tools 4 Hack
• New Hack Tools
• Hacking Tools Download
• Pentest Tools
• Pentest Tools For Android
• Pentest Reporting Tools
• New Hack Tools
• Hacker Tools Apk Download
• Hacker Tools Github
• Hack Apps
• Hacking Tools For Pc
• Hacker Hardware Tools
• Pentest Recon Tools
• Pentest Tools Kali Linux
• Pentest Tools Url Fuzzer
• Pentest Tools Kali Linux
• Pentest Tools Website Vulnerability
• Hacker Tools Free
• Hacking Tools Pc
• Github Hacking Tools
• Hacker Hardware Tools
• Pentest Tools For Windows
• Blackhat Hacker Tools
• Hacking Tools Windows 10
• New Hack Tools
• Hack Tools For Ubuntu
• Pentest Tools
• Best Hacking Tools 2019
• Pentest Tools Website Vulnerability
• Hacker Tools Free
• Kik Hack Tools
• Hacker Tools Hardware
• Pentest Tools Website Vulnerability
• Hacking Tools For Mac
• Pentest Tools Nmap
• Hackers Toolbox
• Hacking Tools For Mac
• Hacker Tools Software
• Hacking Tools Download
• Hacker Tool Kit
• Pentest Tools Apk
• Blackhat Hacker Tools
• Nsa Hacker Tools
• Usb Pentest Tools
• Hacker Tools Hardware
• Pentest Tools For Windows
• Nsa Hack Tools Download
• Hacking Tools Windows
• Nsa Hack Tools
• Pentest Tools Kali Linux
• Pentest Tools Port Scanner
• Hacker Tools Apk Download