Tuesday, August 25, 2020

Security Surprises On Firefox Quantum

This morning I found a scary surprise in my Firefox Quantum. It happened to be connected to a proxy when an unexpected connection came up: the browser was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things:

1) The owner of that site might spread malware, infecting many, many people.
2) The ISP might also do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted; I think it is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware or spyware massively, or an attack vector for a MITM attacker.
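
One way a client could vet such a package before loading it, as an added example that is not from the original post or from Firefox: it hashes each ZIP member with SHA-256, compares the result against digests pinned over a trusted channel, checks the ELF magic and parses the `.info` fields. The function names, the pinned-digest mapping and the sample package are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

ELF_MAGIC = b"\x7fELF"

def parse_info(text):
    """Parse the 'Key: value' lines of a .info file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit_plugin_zip(data, pinned):
    """Return (ok, report). `pinned` maps member name -> expected SHA-256 hex,
    obtained over a trusted channel (assumption: such a channel exists)."""
    report = {"members": {}, "info": {}, "problems": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for name in names:
            # Refuse absolute paths and directory traversal in member names.
            if name.startswith("/") or ".." in name.split("/"):
                report["problems"].append(f"unsafe path: {name}")
                continue
            blob = zf.read(name)
            digest = hashlib.sha256(blob).hexdigest()
            report["members"][name] = digest
            if name not in pinned:
                report["problems"].append(f"unexpected member: {name}")
            elif pinned[name] != digest:
                report["problems"].append(f"digest mismatch: {name}")
            if name.endswith(".so") and not blob.startswith(ELF_MAGIC):
                report["problems"].append(f"not an ELF file: {name}")
            if name.endswith(".info"):
                report["info"] = parse_info(blob.decode("utf-8", "replace"))
        report["problems"] += [f"missing member: {n}" for n in pinned if n not in names]
    return (not report["problems"], report)

def build_sample_zip(lib_bytes):
    """Constructed sample package mirroring the two-file layout in the post."""
    info = ("Name: gmpopenh264\nDescription: GMP Plugin for OpenH264.\n"
            "Version: 1.6.0\nAPIs: encode-video[h264], decode-video[h264]\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("libgmpopenh264.so", lib_bytes)
        zf.writestr("gmpopenh264.info", info)
    return buf.getvalue()
```

A package fetched over plain HTTP should only be loaded when `audit_plugin_zip` returns `ok` as true against digests that did not travel over the same channel.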



