Saturday, 22 August 2020

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




Related word

  1. Pentest Tools For Mac
  2. Hacking Tools For Windows Free Download
  3. Hacker Search Tools
  4. Hack Tools For Games
  5. Hacker Tools For Pc
  6. What Are Hacking Tools
  7. Pentest Tools
  8. Hacking Tools Free Download
  9. Hacking Tools For Windows
  10. Ethical Hacker Tools
  11. Tools Used For Hacking
  12. Pentest Tools Android
  13. Hacking Tools For Pc
  14. Pentest Tools
  15. Hacking Apps
  16. Hacker Tools Linux
  17. Best Hacking Tools 2020
  18. Hack And Tools
  19. Pentest Tools For Ubuntu
  20. Hack Tools 2019
  21. Pentest Tools Bluekeep
  22. Tools Used For Hacking
  23. Pentest Tools For Android
  24. Hacking Tools Kit
  25. Nsa Hack Tools Download
  26. Free Pentest Tools For Windows
  27. New Hack Tools
  28. Hacking Tools For Beginners
  29. Hack Tools Mac
  30. Hacker Hardware Tools
  31. Hack Tools Pc
  32. Best Hacking Tools 2020
  33. Ethical Hacker Tools
  34. Pentest Tools Url Fuzzer
  35. World No 1 Hacker Software
  36. Install Pentest Tools Ubuntu
  37. Hacking Tools For Kali Linux
  38. Hack Tool Apk No Root
  39. Hack Tools Mac
  40. Hacking Tools For Windows Free Download
  41. Hacker
  42. Hacker Tools Free
  43. Hacking Tools For Windows Free Download
  44. Pentest Tools Kali Linux
  45. Hacking Tools Name
  46. Hacking Tools Pc
  47. Hak5 Tools
  48. Hack Tools For Ubuntu
  49. Pentest Tools Find Subdomains
  50. Hacks And Tools
  51. Android Hack Tools Github
  52. Hacker Tools For Pc
  53. Hacking App
  54. How To Install Pentest Tools In Ubuntu
  55. Pentest Box Tools Download
  56. Blackhat Hacker Tools
  57. Free Pentest Tools For Windows
  58. Pentest Tools For Ubuntu
  59. Hacking Tools Usb
  60. Hacker Security Tools
  61. Hacking Tools And Software
  62. Hack Tools Download
  63. Install Pentest Tools Ubuntu
  64. Hacking Tools For Games
  65. Hacker Tools Apk
  66. Hack Tools
  67. Hacking Tools Online
  68. Hack Tools For Pc
  69. Hacker Tools Free Download
  70. Nsa Hacker Tools
  71. Hacking Apps
  72. Pentest Tools Find Subdomains
  73. Hacking Tools Free Download

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)