Friday, June 2, 2023

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




Related posts
  1. Hacker Tools For Windows
  2. Hack Website Online Tool
  3. What Is Hacking Tools
  4. Pentest Tools List
  5. Hackrf Tools
  6. Nsa Hack Tools
  7. Hacking Tools Mac
  8. Tools 4 Hack
  9. Pentest Tools For Ubuntu
  10. Pentest Tools Framework
  11. Computer Hacker
  12. Hack Tool Apk No Root
  13. Hack Tools For Ubuntu
  14. Hacking Tools For Windows
  15. Hacking Tools For Windows
  16. Hacking Tools Windows
  17. Hacker Tools Hardware
  18. Hack Website Online Tool
  19. Hacker Tools For Windows
  20. Pentest Box Tools Download
  21. Hacker Tools For Mac
  22. Hacking Tools Kit
  23. Hacking Tools For Beginners
  24. Pentest Tools For Windows
  25. Hack Rom Tools
  26. Free Pentest Tools For Windows
  27. Pentest Tools For Windows
  28. Hacking Tools For Windows Free Download
  29. Best Pentesting Tools 2018
  30. Hack App
  31. Best Hacking Tools 2019
  32. Hacking Tools Mac
  33. Hacking Tools Windows
  34. Hacker Tools Apk Download
  35. World No 1 Hacker Software
  36. Hacker Tools Github
  37. Pentest Tools For Mac
  38. Pentest Tools Framework
  39. Pentest Tools Kali Linux
  40. Hacking Tools 2019
  41. Pentest Tools Android
  42. Underground Hacker Sites
  43. Hacker Tools Online
  44. Pentest Tools Github
  45. Easy Hack Tools
  46. Hacking Tools For Windows 7
  47. Pentest Tools Review
  48. Bluetooth Hacking Tools Kali
  49. World No 1 Hacker Software
  50. Pentest Tools Android
  51. Pentest Tools Android
  52. Hack Website Online Tool
  53. Hacking Tools Software
  54. Hacking App
  55. Hack Tools For Games
  56. Pentest Tools
  57. How To Install Pentest Tools In Ubuntu
  58. Hacking Tools And Software
  59. Hacking Tools Software
  60. Hacker Tools Online
  61. Hack Tools For Pc
  62. Pentest Tools Online
  63. Hacking Tools For Pc
  64. Hacker Tools Linux
  65. Hack Tool Apk No Root
  66. Underground Hacker Sites
  67. Hacker Tools Free
  68. Hackers Toolbox
  69. Hacker Tools For Windows
  70. Pentest Tools
  71. Bluetooth Hacking Tools Kali
  72. Hack App
  73. Hacker Tools For Windows
  74. Hack Tools Mac
  75. Pentest Tools Tcp Port Scanner
  76. Pentest Tools Subdomain
  77. Pentest Tools Framework
  78. Hacker Tools List
  79. Hacker Tools For Ios
  80. Hack Tools For Pc
  81. Hack Tools For Windows
  82. Hacker Techniques Tools And Incident Handling
  83. Pentest Tools For Ubuntu
  84. Hacker Tools List
  85. Hacking Tools For Kali Linux
  86. Hack Tools For Games
  87. Nsa Hack Tools
  88. Hacker Tools
  89. Hacking Tools 2020
  90. Physical Pentest Tools
  91. Hacker Tools Free Download
  92. Hacker Hardware Tools
  93. Wifi Hacker Tools For Windows
  94. Black Hat Hacker Tools
  95. Github Hacking Tools
  96. Hacker Tools Github
  97. Pentest Tools For Windows
  98. Hackrf Tools
  99. Pentest Tools Open Source
  100. Pentest Tools Find Subdomains
  101. Kik Hack Tools
  102. Hacking App
  103. Hacking Tools Software
  104. Pentest Recon Tools
  105. Pentest Tools Windows
  106. Hak5 Tools
  107. Hack Tools 2019
  108. Pentest Tools Open Source
  109. Hack And Tools
  110. Hack Tools For Mac
  111. Hack Tools
  112. Hack Tools
  113. Pentest Tools Online
  114. Pentest Tools
  115. Hacking Tools Software
  116. Hack Tool Apk
  117. Hak5 Tools
  118. Pentest Tools Bluekeep
  119. Pentest Tools Nmap
  120. Ethical Hacker Tools
  121. Hacker
  122. Hack Tools For Windows
  123. Wifi Hacker Tools For Windows
  124. Pentest Reporting Tools
  125. Pentest Tools Android
  126. Nsa Hack Tools Download
  127. Hacking Tools Name
  128. Beginner Hacker Tools
  129. Hack Tools For Games
  130. World No 1 Hacker Software
  131. Usb Pentest Tools
  132. Hack App
  133. What Are Hacking Tools
  134. Hack Tool Apk No Root
  135. Hacking Tools And Software
  136. Hacking Tools And Software
  137. Hacking Tools
  138. Best Pentesting Tools 2018
  139. Hacking Tools Mac
  140. Usb Pentest Tools
  141. Hack Tools Mac
  142. Tools Used For Hacking
  143. Pentest Tools Website
  144. Pentest Tools Windows
  145. Tools 4 Hack
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)