Web Search

Custom Search

Search Results

Monday, January 22, 2024

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




More articles
  1. Top Pentest Tools
  2. Pentest Reporting Tools
  3. Hacker Tools For Ios
  4. Wifi Hacker Tools For Windows
  5. Hacker Tools Free Download
  6. Hacker Tools Windows
  7. Pentest Tools Website
  8. Hacker Tools Hardware
  9. Usb Pentest Tools
  10. Hack Tools For Games
  11. Pentest Tools Windows
  12. Hacking Tools Name
  13. Pentest Tools Linux
  14. Hacking Tools
  15. Pentest Tools For Android
  16. Free Pentest Tools For Windows
  17. Hacker Tools For Pc
  18. Pentest Tools Framework
  19. Pentest Tools For Mac
  20. Hack Tools Mac
  21. Physical Pentest Tools
  22. Pentest Tools Framework
  23. Hack Tools 2019
  24. Pentest Tools Free
  25. Hacker Tools Software
  26. Hack Tools Online
  27. Pentest Tools Download
  28. Hacking Tools Software
  29. Hacker Techniques Tools And Incident Handling
  30. Pentest Tools Kali Linux
  31. Hacker Tools For Pc
  32. Hacker
  33. Hacking Tools For Windows 7
  34. Termux Hacking Tools 2019
  35. Hacker Tools 2019
  36. Hacking Tools For Games
  37. Hack Tool Apk No Root
  38. Tools For Hacker
  39. Hacker Tools Linux
  40. Ethical Hacker Tools
  41. Hack Tools Download
  42. Hacker Tools
  43. Hacking Tools Mac
  44. Hack Rom Tools
  45. Nsa Hack Tools
  46. Hacking Tools Name
  47. Hacking Tools For Pc
  48. Pentest Tools Free
  49. Hacker Tools 2020
  50. Hack Tools
  51. Pentest Tools For Windows
  52. Hacker Tools 2019
  53. Hacking Tools Github
  54. Pentest Tools Nmap
  55. Hacking Tools Name
  56. Hacking Tools For Windows
  57. Blackhat Hacker Tools
  58. Hack Tools Online
  59. Hacking Tools Windows
  60. What Are Hacking Tools
  61. Hacking Tools Online
  62. Hacking Tools Hardware
  63. Hacking Tools Name
  64. Top Pentest Tools
  65. Termux Hacking Tools 2019
  66. Github Hacking Tools
  67. Hacking Tools For Mac
  68. Hacker Tools Free
  69. Hacker Hardware Tools
  70. Beginner Hacker Tools
  71. Pentest Tools Review
  72. Hacking Tools Usb
  73. Hacker Tools Apk Download
  74. Pentest Tools Website Vulnerability
  75. Hacker Tool Kit
  76. Pentest Tools Alternative
  77. Hack Tools Mac
  78. Github Hacking Tools
  79. Usb Pentest Tools
  80. Hacker Tools 2020
  81. Hacking Tools For Windows
  82. Hacking Tools For Mac
  83. How To Hack
  84. Hacking Tools Github
  85. Ethical Hacker Tools
  86. Hacking Tools Usb
  87. Hacking Tools Online
  88. Pentest Tools For Android
  89. How To Hack
  90. Nsa Hacker Tools
  91. Hack Website Online Tool
  92. What Is Hacking Tools
  93. Install Pentest Tools Ubuntu
  94. Pentest Tools Nmap
  95. Hackers Toolbox
  96. Nsa Hack Tools Download
  97. Hacking Tools Free Download
  98. Pentest Box Tools Download
  99. Pentest Tools Bluekeep
  100. Growth Hacker Tools
  101. Best Pentesting Tools 2018
  102. Hacking Tools Mac
  103. Tools For Hacker
  104. Hackers Toolbox
  105. Pentest Tools Free
  106. Hacker Techniques Tools And Incident Handling
  107. Hacker Tools Free
  108. Hacking Tools For Games
  109. Hacking Tools 2020
  110. Hack App
  111. Tools For Hacker
  112. Hacker Security Tools
  113. Hacker Tools List
  114. Pentest Tools List
  115. Hacker Tools Free Download
  116. Hacking Tools Pc
  117. Hacking Tools Pc
  118. Pentest Tools For Ubuntu
  119. Blackhat Hacker Tools
  120. Pentest Recon Tools
  121. Pentest Tools Url Fuzzer
  122. Ethical Hacker Tools
  123. Growth Hacker Tools
  124. Hacker Tools List
  125. Pentest Tools For Mac
  126. Hack Tool Apk
  127. Hacking Apps
  128. How To Make Hacking Tools
  129. Pentest Tools Download
  130. Hacking Tools For Windows Free Download
  131. Usb Pentest Tools
  132. Hacker Tools Linux

No comments: