Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

More articles

1. Beginner Hacker Tools
2. Hacker Tools Online
3. Hacker Tools For Windows
4. Hacking Tools And Software
5. Pentest Tools Alternative
6. Hacker Tools For Mac
7. Bluetooth Hacking Tools Kali
8. Hacking Tools Github
9. Pentest Tools Apk
10. Hack Tools Mac
11. How To Hack
12. Hack Tools Download
13. Pentest Tools Android
14. Hacker Tools Software
15. Pentest Tools Port Scanner
16. Android Hack Tools Github
17. Pentest Tools Open Source
18. Pentest Tools Review
19. Hackrf Tools
20. Pentest Tools Port Scanner
21. Pentest Box Tools Download
22. New Hack Tools
23. Tools For Hacker
24. Pentest Tools Url Fuzzer
25. Pentest Tools
26. Termux Hacking Tools 2019
27. Hacker Tools Github
28. Hacking Tools For Windows 7
29. Hacker Tools Github
30. How To Make Hacking Tools
31. Hacking Tools Hardware
32. Hack Tools Pc
33. Hacking Tools Hardware
34. Hack Tools Online
35. Hack Website Online Tool
36. Pentest Tools Open Source
37. Hacking Tools For Windows Free Download
38. Hacker Tools List
39. Easy Hack Tools
40. Hak5 Tools
41. Hack Tools Mac
42. Pentest Tools Review
43. Pentest Tools Bluekeep
44. Hacking Tools Github
45. Pentest Tools Url Fuzzer
46. Pentest Tools Apk
47. Pentest Tools For Windows
48. Hack Tools For Mac
49. Hacker Tools 2020
50. Hacker Tools Apk Download
51. Pentest Tools Website Vulnerability
52. Hack Tools Github
53. How To Install Pentest Tools In Ubuntu
54. Pentest Tools
55. Pentest Tools For Mac
56. Pentest Tools Windows
57. Pentest Tools Github
58. Hacking Tools For Mac
59. World No 1 Hacker Software
60. Hacking Tools
61. Hack Rom Tools
62. Hacking Tools Name
63. Hack Tools For Windows
64. How To Install Pentest Tools In Ubuntu
65. Hacker Tools Github
66. Best Hacking Tools 2020
67. Hacker Tools Free Download
68. Hacking Tools 2020
69. Pentest Tools Online
70. What Is Hacking Tools
71. Hacks And Tools
72. Hacker Techniques Tools And Incident Handling
73. Hacking Tools For Windows
74. Hacking Tools Usb
75. Hackers Toolbox
76. Pentest Recon Tools
77. Nsa Hacker Tools
78. Pentest Tools Alternative
79. Hacking Tools Windows 10
80. Pentest Tools For Android
81. Hack Tools For Windows
82. Free Pentest Tools For Windows
83. Hacker Tools 2020
84. Usb Pentest Tools
85. Hacker Tools Windows
86. How To Hack
87. Hacking Tools For Windows
88. Hacker Tools For Mac
89. Pentest Tools Framework
90. Hacker Techniques Tools And Incident Handling
91. Hacker Tools Free Download
92. Hacker Security Tools
93. Hacker Tools Online
94. Pentest Tools Subdomain
95. Pentest Tools Free
96. Pentest Tools Online
97. Hack Tools For Pc
98. Usb Pentest Tools