Sunday, January 21, 2024

Security Surprises On Firefox Quantum

This morning I found a scary surprise on my Firefox Quantum. By chance it was connected to a proxy when an unexpected connection came up: the browser was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things:

1) The owner of that site might spread malware, infecting many, many people.
2) The ISP might also do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted; I think it is good to be aware of it.

In this case the shared library is a video decoder, but it could be a vector to distribute malware or spyware massively, or an attack vector for a MITM attacker.
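The usual mitigation for the risk described above is to check a downloaded archive against a digest obtained over a separate authenticated channel before anything is unpacked or loaded. The following is an added example, not code from the original post or from Firefox; the pinned digest, the sample ZIP contents and all function names are constructed for illustration.

```python
import hashlib
import hmac
import io
import zipfile

# Member names the post lists for the archive; anything else is rejected.
EXPECTED_MEMBERS = {"libgmpopenh264.so", "gmpopenh264.info"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_info(text: str) -> dict:
    """Parse the 'Key: value' lines of a .info file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def verify_archive(blob: bytes, pinned_sha256: str) -> dict:
    """Return the parsed .info metadata only if the archive matches the pin.

    The digest is checked before the ZIP is parsed, so bytes altered in
    transit never reach the archive parser or the dynamic loader.
    """
    if not hmac.compare_digest(sha256_hex(blob), pinned_sha256):
        raise ValueError("archive digest does not match pinned value")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        names = set(zf.namelist())
        if names != EXPECTED_MEMBERS:
            raise ValueError(f"unexpected archive members: {sorted(names)}")
        return parse_info(zf.read("gmpopenh264.info").decode("utf-8"))


def build_sample_zip(library_bytes: bytes) -> bytes:
    """Constructed stand-in for the downloaded ZIP (not the real plugin)."""
    info = "Name: gmpopenh264\nVersion: 1.6.0\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("libgmpopenh264.so", library_bytes)
        zf.writestr("gmpopenh264.info", info)
    return buf.getvalue()
```

The pin only helps if it reaches the client over a channel the network attacker cannot modify, such as a signed or TLS-delivered manifest.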



