Security Surprises On Firefox Quantum
This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.
This means two things
1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.
Ubuntu Version:
Firefox Quantum version:
The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip
The zip contains these two files:
3f201a8984d6d765bc81966842294611 libgmpopenh264.so
44aef3cd6b755fa5f6968725b67fd3b8 gmpopenh264.info
The info file:
Name: gmpopenh264
Description: GMP Plugin for OpenH264.
Version: 1.6.0
APIs: encode-video[h264], decode-video[h264]
So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.
In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.
Related articles
- Hacking Tools Github
- Pentest Tools Android
- Underground Hacker Sites
- Hacker Tools Online
- Hacking Apps
- Hack Tool Apk No Root
- Easy Hack Tools
- Pentest Tools List
- Pentest Automation Tools
- Hack Tools 2019
- Usb Pentest Tools
- Pentest Tools Kali Linux
- New Hacker Tools
- Hacking Tools For Kali Linux
- Pentest Tools Url Fuzzer
- Hacking Tools For Games
- Pentest Tools Online
- Pentest Tools Website
- Hacking Tools Free Download
- Hacking Tools Name
- Hacking Tools For Games
- Hacking Tools For Windows 7
- Hackers Toolbox
- Hacking Tools For Windows
- Hacking Apps
- Pentest Tools Kali Linux
- Hacker Search Tools
- Hacking Tools Windows 10
- Usb Pentest Tools
- Hacker Tools For Mac
- Hacking Tools For Pc
- Hack Tools For Mac
- Hack Website Online Tool
- Tools 4 Hack
- Tools For Hacker
- Hacking App
- Hack Rom Tools
- Hacking Tools 2019
- Wifi Hacker Tools For Windows
- Hacker Tools Github
- Hacking Tools Windows
- Free Pentest Tools For Windows
- Hacker Tools For Ios
- Hack Rom Tools
- Pentest Reporting Tools
- New Hacker Tools
- Pentest Tools List
- Beginner Hacker Tools
- Hacking Tools For Windows Free Download
- Beginner Hacker Tools
- Hack Tools Online
- Kik Hack Tools
- How To Hack
- Hack Tool Apk No Root
- Pentest Tools
- Pentest Tools Find Subdomains
- Hacking Tools Kit
- Hacking Tools Github
- What Are Hacking Tools
- Hacker Tools 2020
- Pentest Box Tools Download
- Hack Tools Download
- Pentest Tools Kali Linux
- What Are Hacking Tools
- Nsa Hack Tools
- Best Pentesting Tools 2018
- Hacker Tools Apk Download
- Hacker Tools Hardware
- Pentest Tools Apk
- Hack Tools Download
- Hacking Tools Online
- Hacker Tools 2019
- Hacker Tools For Windows
- Hacking Tools Kit
posted by ericsonelectronics @ 8/31/2020 02:37:00 a. m.
0COMENTARIOS
0 Comments:
Publicar un comentario
<< Home