Monday, May 29, 2023

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




More articles
  1. Hack Tool Apk No Root
  2. Hacker Tools For Mac
  3. Pentest Tools Github
  4. Hacking Tools Hardware
  5. Pentest Tools Website Vulnerability
  6. Hack Tool Apk
  7. Usb Pentest Tools
  8. Hacking Tools For Kali Linux
  9. Hacker Tools Online
  10. Pentest Tools Open Source
  11. Hacking Tools 2019
  12. Pentest Tools Subdomain
  13. Hacker Security Tools
  14. Pentest Tools Nmap
  15. Pentest Tools Windows
  16. Hacker Tools List
  17. Hack And Tools
  18. Hack Tools Github
  19. Hack Tool Apk
  20. Hacking Tools For Mac
  21. World No 1 Hacker Software
  22. Pentest Tools For Windows
  23. Tools Used For Hacking
  24. Github Hacking Tools
  25. Computer Hacker
  26. Black Hat Hacker Tools
  27. Hacker Search Tools
  28. Hacking Tools For Windows 7
  29. Hacker Tools Mac
  30. Termux Hacking Tools 2019
  31. Ethical Hacker Tools
  32. Pentest Recon Tools
  33. Pentest Tools List
  34. Pentest Tools Bluekeep
  35. Hacking Apps
  36. Hack Tools For Mac
  37. Hacking Tools Pc
  38. Hack Tools Online
  39. Free Pentest Tools For Windows
  40. Pentest Reporting Tools
  41. Nsa Hacker Tools
  42. Hacker Tools Linux
  43. Pentest Tools Website
  44. Ethical Hacker Tools
  45. Hack Tools Github
  46. Hacking Tools For Games
  47. Hack Tools 2019
  48. Hack Tools Mac
  49. Hacking Tools Download
  50. Pentest Tools Free
  51. Hacker Tools List
  52. Pentest Tools
  53. Pentest Tools Linux
  54. Pentest Reporting Tools
  55. Pentest Tools Website Vulnerability
  56. Hack Tool Apk No Root
  57. Hacker Tools 2019
  58. Pentest Tools Find Subdomains
  59. Hacker Search Tools
  60. Hacker Tools For Pc
  61. Hacking App
  62. Hacking Tools For Kali Linux
  63. Hack Tool Apk No Root
  64. Hacker Tools Online
  65. Hack Tools For Ubuntu
  66. Hacking Tools For Beginners
  67. Game Hacking
  68. Best Hacking Tools 2019
  69. Hack App
  70. Hacker Tools Software
  71. Tools Used For Hacking
  72. Hack Tools Github
  73. Kik Hack Tools
  74. Pentest Tools Android
  75. Hacker Security Tools
  76. Termux Hacking Tools 2019
  77. Hack Tools Online
  78. Hacking Tools For Beginners
  79. Hack Tools Pc
  80. Hacker Hardware Tools
  81. Hack Website Online Tool
  82. Hacker Tools For Mac
  83. Pentest Tools Github
  84. Hacker Tools Github
  85. Black Hat Hacker Tools
  86. Pentest Tools Subdomain
  87. Blackhat Hacker Tools
  88. Hacker Tools Hardware
  89. Hacking Tools Windows
  90. Hack Rom Tools
  91. Pentest Tools List
  92. How To Hack
  93. What Is Hacking Tools
  94. Pentest Reporting Tools
  95. Hacking Tools Mac
  96. Hacking Tools For Pc
  97. Hacks And Tools
  98. Pentest Tools Windows
  99. Hacker Hardware Tools
  100. Bluetooth Hacking Tools Kali
  101. Hacker Tools For Pc
  102. Hack Tools Download
  103. Hack Tools Online
  104. Blackhat Hacker Tools
  105. Hacking Tools Usb
  106. Tools For Hacker
  107. Underground Hacker Sites
  108. Pentest Tools
  109. Pentest Box Tools Download
  110. Hack Tools For Mac
  111. Best Pentesting Tools 2018
  112. Free Pentest Tools For Windows
  113. Hacking Tools For Pc
  114. Pentest Tools Website Vulnerability
  115. How To Hack
  116. Hack Tools For Ubuntu
  117. Best Hacking Tools 2019
  118. Pentest Tools Url Fuzzer
  119. Pentest Tools Tcp Port Scanner
  120. Pentest Recon Tools
  121. Kik Hack Tools
  122. Hack Tools Online
  123. Hack Website Online Tool
  124. Hacker Search Tools
  125. Hacking Tools And Software
  126. Hacking Tools For Windows Free Download
  127. Hacking Tools Github
  128. Github Hacking Tools
  129. What Are Hacking Tools
  130. Android Hack Tools Github
  131. Hacker Tools Mac
  132. Hacking App
  133. Hacking Tools Windows
  134. Hacking Tools Software
  135. Pentest Tools Nmap
  136. Best Pentesting Tools 2018
  137. Tools For Hacker
  138. What Is Hacking Tools
  139. Pentest Tools
  140. Hacker Tools Mac
  141. What Are Hacking Tools
  142. Hacking Tools Software
  143. Hacking Tools 2019
  144. Top Pentest Tools
  145. Pentest Recon Tools
  146. Hack Tools Online
  147. Hacking Tools And Software
  148. Hack Tools For Windows
  149. Hacker Tools For Mac
  150. Hacker Tools For Pc
  151. Black Hat Hacker Tools
  152. How To Hack
  153. Hack Tools Github
  154. Bluetooth Hacking Tools Kali
  155. Hacker Tools Online
  156. Hacker
  157. Hack Apps
  158. Tools Used For Hacking
  159. Hacker Tools For Pc
  160. Hak5 Tools
  161. Pentest Tools Kali Linux
  162. Hacker Tools
Author at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)