Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

Related posts

• Hacker Tools Mac
• Pentest Tools Review
• Nsa Hack Tools Download
• Pentest Box Tools Download
• What Are Hacking Tools
• Hack Tools For Ubuntu
• Wifi Hacker Tools For Windows
• Hacker Tools
• New Hack Tools
• Pentest Automation Tools
• Physical Pentest Tools
• Hacker Hardware Tools
• Pentest Tools Android
• Hack Tool Apk No Root
• Best Hacking Tools 2019
• Pentest Tools List
• Hack Tools 2019
• Hacking Tools Free Download
• Pentest Tools For Mac
• Hacker Tools Online
• Hack Rom Tools
• Hack Tools
• Computer Hacker
• Top Pentest Tools
• Hacker Tools Apk
• Pentest Tools Alternative
• Hacking Tools 2019
• Hacker Tool Kit
• Wifi Hacker Tools For Windows
• Hack Tools For Mac
• Hacker Tools Online
• Growth Hacker Tools
• Hacking Tools
• Hack Tools Github
• Hacking Tools Software
• Pentest Tools For Mac
• Pentest Tools Url Fuzzer
• Hacking Tools Software
• Pentest Tools Port Scanner
• Tools 4 Hack
• Tools 4 Hack
• Hack Tools For Mac
• Nsa Hacker Tools
• Physical Pentest Tools
• Hack Apps
• Hacking Tools
• Hacker Tools Free Download
• Pentest Tools List
• Hackers Toolbox
• Hacking Tools Github
• Hacker Tools Online
• Pentest Tools Windows
• Hacking Tools For Pc
• Top Pentest Tools
• Hacking Tools Software
• Hacker Tools Windows
• Hacker Security Tools
• Hacking Tools 2020
• Hackers Toolbox
• Hacker
• Best Hacking Tools 2020
• Hacker Tools For Pc
• Pentest Recon Tools
• Hacks And Tools
• Hacks And Tools
• Hacker Tools Software
• Hacking Tools Free Download
• Hacker
• Pentest Tools For Windows
• Hacking Tools For Mac
• Pentest Tools For Android