Security Surprises On Firefox Quantum
This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.
This means two things
1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.
Ubuntu Version:
Firefox Quantum version:
The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip
The zip contains these two files:
3f201a8984d6d765bc81966842294611 libgmpopenh264.so
44aef3cd6b755fa5f6968725b67fd3b8 gmpopenh264.info
The info file:
Name: gmpopenh264
Description: GMP Plugin for OpenH264.
Version: 1.6.0
APIs: encode-video[h264], decode-video[h264]
So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.
Related word
This means two things
1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.
Ubuntu Version:
Firefox Quantum version:
The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip
3f201a8984d6d765bc81966842294611 libgmpopenh264.so
44aef3cd6b755fa5f6968725b67fd3b8 gmpopenh264.info
The info file:
Name: gmpopenh264
Description: GMP Plugin for OpenH264.
Version: 1.6.0
APIs: encode-video[h264], decode-video[h264]
So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.
In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.
Related word
- Pentest Tools Tcp Port Scanner
- Pentest Tools Github
- Easy Hack Tools
- Pentest Tools Android
- Pentest Tools Windows
- Hacking Tools For Windows 7
- Pentest Tools Tcp Port Scanner
- Hacker Tools List
- Hacking Tools 2019
- Hack Tools
- Hackers Toolbox
- Pentest Tools For Android
- Pentest Box Tools Download
- Pentest Tools Online
- Hacker Tools Apk
- Hacker Tool Kit
- Pentest Tools Open Source
- Hacking Tools For Kali Linux
- Hack Tools For Pc
- Wifi Hacker Tools For Windows
- Pentest Tools For Windows
- What Is Hacking Tools
- Hacker Tools Github
- Hacking Tools For Kali Linux
- Pentest Reporting Tools
- Hack And Tools
- Hacker Tools
- Growth Hacker Tools
- Pentest Tools Framework
- Computer Hacker
- Nsa Hacker Tools
- Black Hat Hacker Tools
- Hacking Tools Free Download
- Game Hacking
- Pentest Tools Port Scanner
- Hacker Tools Hardware
- Hacker Tools List
- Hacking Tools Mac
- Termux Hacking Tools 2019
- Hack Rom Tools
- Best Pentesting Tools 2018
- Hacking App
- Hack Rom Tools
- Hack Apps
- Hacker Tools For Mac
- Hacking Tools For Windows 7
- Hacker Tools Apk Download
- Pentest Tools Port Scanner
- Pentest Tools Website Vulnerability
- Hacker Search Tools
- Pentest Automation Tools
- Github Hacking Tools
- Pentest Tools Open Source
- Hak5 Tools
- Hacker Tools Apk Download
- Hack Tools For Windows
- Kik Hack Tools
- Hack Tools Pc
- Hacking Tools For Windows 7
- Tools For Hacker
- Best Hacking Tools 2019
- Hack And Tools
- Pentest Tools Open Source
- Pentest Tools Website
- Pentest Tools Tcp Port Scanner
- Usb Pentest Tools
- Hacker Tool Kit
- World No 1 Hacker Software
- Github Hacking Tools
- Black Hat Hacker Tools
- Hacking Tools For Windows
- Wifi Hacker Tools For Windows
- Kik Hack Tools
- Hack Tools Online
- Pentest Tools Tcp Port Scanner
- Free Pentest Tools For Windows
- Nsa Hacker Tools
- Pentest Tools Kali Linux
- Hack Tools Pc
- Hacking Tools And Software
- Hacking Tools Free Download
- Hack Tools
- Hack Tools
- Hacking Tools For Windows
- Hack Apps
- Wifi Hacker Tools For Windows
- Hacking Tools 2020
- Pentest Tools For Mac
- Hacking Tools For Windows Free Download
- Pentest Tools Free
- Hacking Tools 2019
- Pentest Tools Subdomain
- Hacking Tools Download
- Hacking Tools Name
- Hacking Tools For Windows
- Hacking Tools Name
- Hacker Tools Github
- Hack And Tools
- Bluetooth Hacking Tools Kali
- Hacker Security Tools
- World No 1 Hacker Software
- Hacking Tools For Kali Linux
- Hack Rom Tools
- Pentest Tools Kali Linux
- Hack App
- Hacker Tools Free
- Hacker Tools Software
- What Is Hacking Tools
- Black Hat Hacker Tools
- Hacking Tools For Beginners
- New Hack Tools
- Hack Tools Online
- Pentest Tools For Android
- Hacker Tools For Mac
- Free Pentest Tools For Windows
- Hacker Tools Free
- Pentest Tools For Android
- Pentest Reporting Tools
- Hack Tool Apk No Root
- Pentest Tools Alternative
- Hacker Tools 2020
- Hacker Tools Software
- What Are Hacking Tools
- Hacker Techniques Tools And Incident Handling
- Pentest Tools List
Post a Comment