Security Surprises On Firefox Quantum
This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.
This means two things
1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.
Ubuntu Version:
Firefox Quantum version:
The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip
The zip contains these two files:
3f201a8984d6d765bc81966842294611 libgmpopenh264.so
44aef3cd6b755fa5f6968725b67fd3b8 gmpopenh264.info
The info file:
Name: gmpopenh264
Description: GMP Plugin for OpenH264.
Version: 1.6.0
APIs: encode-video[h264], decode-video[h264]
So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.
This means two things
1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.
Ubuntu Version:
Firefox Quantum version:
The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip
3f201a8984d6d765bc81966842294611 libgmpopenh264.so
44aef3cd6b755fa5f6968725b67fd3b8 gmpopenh264.info
The info file:
Name: gmpopenh264
Description: GMP Plugin for OpenH264.
Version: 1.6.0
APIs: encode-video[h264], decode-video[h264]
So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.
In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.
Related posts
- Install Pentest Tools Ubuntu
- Hack Tools For Games
- Blackhat Hacker Tools
- What Is Hacking Tools
- Hack App
- Kik Hack Tools
- Hacker Tools Online
- Install Pentest Tools Ubuntu
- Hacker Tools Mac
- Pentest Tools Download
- Hacking Tools Usb
- Hackers Toolbox
- Black Hat Hacker Tools
- Pentest Tools For Ubuntu
- Hack Tools Mac
- Pentest Tools Framework
- Pentest Tools For Android
- Hacker Tools For Ios
- Pentest Tools Website
- Black Hat Hacker Tools
- Hacker Tools Github
- Hacking Tools Online
- Hacker Tools List
- Hacking Tools Hardware
- Hacker Tools Apk Download
- Hacker Tools Github
- Pentest Tools For Windows
- Tools For Hacker
- Kik Hack Tools
- Hacker Tools For Pc
- Hacker Tools Mac
- Hacker Tools For Ios
- Hacking Tools For Games
- Hacker Hardware Tools
- Beginner Hacker Tools
- Hacker Tools For Windows
- Hacking Tools Windows 10
- Hacker Tools For Ios
- Hackers Toolbox
- Hack And Tools
- Install Pentest Tools Ubuntu
- Hacker Tools Hardware
- Best Pentesting Tools 2018
- Pentest Tools Linux
- Free Pentest Tools For Windows
- Pentest Tools Framework
- Pentest Tools Free
- Hack Tools For Pc
- Hacker
- Free Pentest Tools For Windows
- Hacker Tools List
- Bluetooth Hacking Tools Kali
- New Hack Tools
- Hacking Tools For Windows 7
- Black Hat Hacker Tools
- Hack Website Online Tool
- Github Hacking Tools
- Hacker Tools List
- Tools For Hacker
- Hacking Tools For Windows
- Blackhat Hacker Tools
- Hacking Tools 2020
- Pentest Tools List
- Termux Hacking Tools 2019
- Pentest Box Tools Download
- Hacking Tools Download
- Nsa Hack Tools Download
- Pentest Tools Linux
- Hacker Tools For Ios
- Hacker Tools List
- Hack Tools Online
- Hacking Tools Hardware
- New Hack Tools
- Hacking Tools For Windows Free Download
- Hacking Tools For Pc
- Physical Pentest Tools
- Hacking Tools Windows
- Hacker Hardware Tools
- Hack Tools Github
- Hack And Tools
- Pentest Recon Tools
- Hack Tools Mac
- Hacker Tools Github
- Hacking Tools For Beginners
- World No 1 Hacker Software
- New Hacker Tools
- Hacker Tools Apk
- Hack App
- What Is Hacking Tools
- Hacking Tools For Windows 7
- Hacking Tools Windows
- Pentest Tools Subdomain
- Hacking Tools For Windows 7
- Hacking Tools For Beginners
- Pentest Tools Nmap
- Hacker Tools For Windows
- Blackhat Hacker Tools
- Hacker Tools For Mac
- Pentest Tools
- Nsa Hack Tools Download
- Pentest Box Tools Download
- Pentest Tools Port Scanner
- Tools 4 Hack
- Hacker Search Tools
- Pentest Tools Tcp Port Scanner
- Hack And Tools
- Hak5 Tools
- Pentest Tools Url Fuzzer
- Termux Hacking Tools 2019
- Hack Tools For Games
- Hacker Tools 2020
- Pentest Tools Download
- Pentest Tools Website Vulnerability
- Hacking Tools Kit
- Hack Tools Github
- Hacker Tool Kit
- Pentest Tools List
- World No 1 Hacker Software
- Hack Tools Pc
- Hacker Tools 2020
- Hacking Tools For Pc
- Hacker Tools Hardware
- Hacker Tools Github
- What Are Hacking Tools
- Hacker
- Pentest Tools
- Top Pentest Tools
- Hacker Tools Linux
- Hacker Search Tools
- Pentest Tools Review
- Hacking Tools 2019
- Hacker Tools 2019
- World No 1 Hacker Software
- Hacking Tools Free Download
- Hacking Tools Windows 10
- Hacking Tools For Windows
- How To Hack
- Pentest Tools Tcp Port Scanner
- Pentest Recon Tools
- Hacking Tools Windows
- Hacker Tools 2019
- Hacking Apps
- Hacking Apps
- Pentest Tools Kali Linux
- Pentest Tools Download
- Hacker Tools For Ios
- Hacker Tools Linux
- Pentest Tools Bluekeep
- Pentest Tools Subdomain
- New Hacker Tools
- Hacking Tools For Beginners
- Install Pentest Tools Ubuntu
- Pentest Tools Linux
- Hacker Tools
- Pentest Tools Kali Linux
- Hacking Tools For Windows 7
- Pentest Tools Nmap
- Hacker Tools Linux
- Hack Tools Pc
- New Hacker Tools
- Hack Tools For Ubuntu
- Hackrf Tools
- Best Hacking Tools 2019
- Hack Tools For Mac
- Hacker Tools Mac
- Hacking Tools Mac
- Pentest Tools
- Hacker Hardware Tools
- Hack Tools 2019
posted by Whole Food Farmacy | 7:35 PM
0 Comments:
Post a Comment
<< Home