Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

More articles

1. Hacker Tools 2020
2. Pentest Tools
3. Hacking Tools Online
4. Pentest Tools Apk
5. Pentest Tools Website
6. Pentest Tools Url Fuzzer
7. Hack App
8. Hacker Tools List
9. Pentest Tools Review
10. Wifi Hacker Tools For Windows
11. Hacking Tools Github
12. Game Hacking
13. Hack Tools Github
14. Hackers Toolbox
15. Pentest Tools Kali Linux
16. Hack Tool Apk No Root
17. Pentest Tools List
18. Computer Hacker
19. Hack Tools For Pc
20. Hacker Tools
21. Hacking Tools For Kali Linux
22. Hacking Tools Github
23. Hacking Tools Mac
24. Hacker Tools 2020
25. Pentest Reporting Tools
26. Hacker Tools 2020
27. Hacking Tools Mac
28. Termux Hacking Tools 2019
29. Usb Pentest Tools
30. Pentest Tools Website Vulnerability
31. Nsa Hack Tools Download
32. Hackrf Tools
33. Hack Tools For Pc
34. Hacking Tools For Windows Free Download
35. Install Pentest Tools Ubuntu
36. Usb Pentest Tools
37. Hacker Tools 2020
38. Hacking Tools For Mac
39. Pentest Tools Url Fuzzer
40. What Are Hacking Tools
41. Hacking Tools Windows 10
42. Hacking Tools Kit
43. Usb Pentest Tools
44. How To Install Pentest Tools In Ubuntu
45. Top Pentest Tools
46. Hack Tool Apk
47. Beginner Hacker Tools
48. Hacker Security Tools
49. Nsa Hack Tools
50. Hack Tools For Games
51. Hacker
52. Pentest Tools
53. Hacking Tools 2019
54. Hack Rom Tools
55. Hack Tools
56. Growth Hacker Tools
57. Pentest Tools List
58. Hacking Tools 2019
59. Hacking Tools Download
60. Hack Apps
61. Hack Apps
62. Underground Hacker Sites
63. Hack Tools Online
64. Hacking Tools For Games
65. Hacker Tools Software
66. Pentest Tools Github
67. Hacks And Tools
68. Pentest Tools Apk
69. Pentest Reporting Tools
70. Hacking Tools Github