Thursday, May 25, 2023

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




Related news


  1. Hacking Tools For Kali Linux
  2. Pentest Tools Subdomain
  3. Pentest Tools Apk
  4. Pentest Tools Windows
  5. Pentest Tools List
  6. Hacking Tools For Windows Free Download
  7. Hack Tools For Windows
  8. Hacking Apps
  9. Hack Apps
  10. Hacking Tools And Software
  11. Pentest Box Tools Download
  12. Hacker Tools Windows
  13. Hacking Tools Windows 10
  14. Hacking Tools For Windows 7
  15. Hacking Tools 2020
  16. How To Install Pentest Tools In Ubuntu
  17. Android Hack Tools Github
  18. Top Pentest Tools
  19. Pentest Tools Bluekeep
  20. Hacker Security Tools
  21. Hacker Tools 2019
  22. Tools 4 Hack
  23. Pentest Tools Apk
  24. Hacker Tools Free Download
  25. Wifi Hacker Tools For Windows
  26. Nsa Hack Tools
  27. Hacking Tools Windows
  28. Pentest Tools Website Vulnerability
  29. New Hack Tools
  30. Pentest Tools Framework
  31. Hacking Tools For Pc
  32. Hacker Tools Windows
  33. Black Hat Hacker Tools
  34. Pentest Tools Framework
  35. Hacking Tools Kit
  36. Hack Tool Apk
  37. Pentest Tools Website
  38. Pentest Tools Port Scanner
  39. Pentest Tools Apk
  40. Hacking Tools Free Download
  41. Pentest Automation Tools
  42. Pentest Tools Nmap
  43. Hack Apps
  44. Hacker Tools Windows
  45. Black Hat Hacker Tools
  46. Termux Hacking Tools 2019
  47. How To Install Pentest Tools In Ubuntu
  48. Hacking Tools For Windows 7
  49. Pentest Tools Android
  50. Hack Tools For Ubuntu
  51. Hacking Tools Windows 10
  52. Hacking Tools Hardware
  53. Easy Hack Tools
  54. Pentest Reporting Tools
  55. Hacking Apps
  56. Growth Hacker Tools
  57. Nsa Hack Tools Download
  58. Game Hacking
  59. Physical Pentest Tools
  60. What Are Hacking Tools
  61. Blackhat Hacker Tools
  62. How To Make Hacking Tools
  63. Hacking Tools Kit
  64. Hak5 Tools
  65. Pentest Tools Apk
  66. Hacking Tools For Kali Linux
  67. Hacker
  68. Bluetooth Hacking Tools Kali
  69. Hacking Tools 2020
  70. Hacker Tools Linux
  71. Pentest Tools Tcp Port Scanner
  72. Github Hacking Tools
  73. Pentest Tools For Mac
  74. Kik Hack Tools
  75. Pentest Tools Android
  76. Hacking Tools For Games
  77. Hack Tool Apk
  78. Hack Apps
  79. Pentest Tools Windows
  80. Hak5 Tools
  81. Tools 4 Hack
  82. Growth Hacker Tools
  83. Hack Tools For Mac
  84. Pentest Tools Find Subdomains
  85. Hack Tools For Mac
  86. Hacking Tools Hardware
  87. Hacking Tools Free Download
  88. Hacker Tools 2020
  89. Android Hack Tools Github
  90. Hacker Tools 2020
  91. How To Make Hacking Tools
  92. How To Hack
  93. Computer Hacker
  94. Pentest Box Tools Download
  95. Hacking Tools For Beginners
  96. Hacker Tools List
  97. Pentest Tools Apk
  98. Hacker Tools Windows
  99. Hacker Tools Software
  100. Bluetooth Hacking Tools Kali
  101. Hacker Tool Kit
  102. Hacker Tools Windows
  103. Kik Hack Tools
  104. Pentest Tools Subdomain
  105. Hack Tools For Pc
  106. Pentest Tools Find Subdomains
  107. Hacker Tools Software
  108. Hacking Tools Online
  109. Hack Apps
  110. Hacker Tools 2020
  111. Hack Tools
  112. Pentest Tools For Mac
  113. Hacker Tools List
  114. Pentest Tools For Windows
  115. Hack Tools Download
  116. Hack And Tools
  117. Top Pentest Tools
  118. Hacker Tools Hardware
  119. Hacking Tools Download
  120. Hacker Techniques Tools And Incident Handling
  121. Pentest Tools Online
  122. Hack Apps
  123. Pentest Tools Framework
  124. Hacker
  125. Github Hacking Tools
  126. Hack Tools For Mac
  127. Hacking Tools 2019
  128. Hack Website Online Tool
  129. Tools For Hacker
  130. Hacking Tools Usb
  131. Hack Tools Online
  132. Hack App
  133. Pentest Tools List
  134. Hacking Tools Kit
  135. Hacking Tools
  136. Beginner Hacker Tools
  137. Pentest Tools For Android
  138. World No 1 Hacker Software
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)