Security Surprises On Firefox Quantum
This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.
This means two things
1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.
Ubuntu Version:
Firefox Quantum version:
The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip
The zip contains these two files:
3f201a8984d6d765bc81966842294611 libgmpopenh264.so
44aef3cd6b755fa5f6968725b67fd3b8 gmpopenh264.info
The info file:
Name: gmpopenh264
Description: GMP Plugin for OpenH264.
Version: 1.6.0
APIs: encode-video[h264], decode-video[h264]
So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.
Related articles
This means two things
1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.
Ubuntu Version:
Firefox Quantum version:
The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip
3f201a8984d6d765bc81966842294611 libgmpopenh264.so
44aef3cd6b755fa5f6968725b67fd3b8 gmpopenh264.info
The info file:
Name: gmpopenh264
Description: GMP Plugin for OpenH264.
Version: 1.6.0
APIs: encode-video[h264], decode-video[h264]
So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.
In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.
Related articles
- Hacker
- Hacker Hardware Tools
- Hacker Tools Github
- Hacker Tools Free
- Hacking Tools 2020
- Hacker Tools
- Hack Tools
- Pentest Automation Tools
- Hacking Tools And Software
- Hacker Tools Linux
- Hack App
- Growth Hacker Tools
- Hacking Tools For Kali Linux
- Hacking Tools For Windows Free Download
- Beginner Hacker Tools
- Hacking Tools For Games
- Hack Tool Apk
- Best Pentesting Tools 2018
- Hacks And Tools
- Pentest Automation Tools
- Hacker Tools For Pc
- Hacking Apps
- Hacking Tools Windows 10
- Growth Hacker Tools
- Nsa Hacker Tools
- World No 1 Hacker Software
- Pentest Tools Free
- Pentest Tools For Windows
- Hacker Tools For Mac
- Termux Hacking Tools 2019
- Hack Tools
- Top Pentest Tools
- Hacking App
- Pentest Tools For Android
- New Hack Tools
- Easy Hack Tools
- Pentest Tools Framework
- Hacker Tools Hardware
- Pentest Tools List
- Hack App
- Hacker Tools Apk Download
- Game Hacking
- Hacking Tools For Games
- Hacking App
- Ethical Hacker Tools
- Hacker Tools 2019
- Top Pentest Tools
- Pentest Tools Download
- Hack Tools
- Best Hacking Tools 2020
- World No 1 Hacker Software
- Hacker Tools For Ios
- Pentest Tools Online
- Nsa Hacker Tools
- Hacks And Tools
- Hacker
- Pentest Tools Alternative
- Hacker Tools For Windows
- Hacker Tools For Ios
- Pentest Tools Url Fuzzer
- Hacker Hardware Tools
- Best Pentesting Tools 2018
- What Are Hacking Tools
- Pentest Tools
- Hacking Tools Online
- Free Pentest Tools For Windows
- Hacker Techniques Tools And Incident Handling
- Hacking Tools For Kali Linux
- Termux Hacking Tools 2019
- Pentest Automation Tools
- Hacking Tools For Windows
- Tools For Hacker
- Easy Hack Tools
- Hack Tools Github
- Pentest Tools Url Fuzzer
- Free Pentest Tools For Windows
- Hacking Tools For Kali Linux
- New Hacker Tools
- Hacker Tools Free
- Hack Tools Online
- Pentest Tools For Ubuntu
- Pentest Tools Kali Linux
- Hacks And Tools
- Hacking Tools Name
- Hacking Tools Pc
- New Hacker Tools
- Hacker Tools List
- Hacker Tools Apk Download
- Hacker Tools
- Underground Hacker Sites
- Hacker Tools Windows
- Hack Tools
- Hacker Search Tools
- What Is Hacking Tools
- Pentest Tools Online
- Pentest Tools Url Fuzzer
- Hacking Tools Pc
- Pentest Box Tools Download
- Hacking Tools Pc
- Hacking Tools Github
- Pentest Tools Website Vulnerability
- Tools For Hacker
- Pentest Tools Review
- Ethical Hacker Tools
- Hacking Tools Kit
- Hacking Tools For Windows 7
- Pentest Tools Android
- Hack Tool Apk
- Hacker Tools Hardware
- Hacker Tools Free
- How To Make Hacking Tools
- Hacking App
- Pentest Tools Nmap
- Hack Tools For Mac
- Best Hacking Tools 2020
- Hacking Tools For Beginners
- Hackers Toolbox
- Hacking Tools Software
- Hack Tools Online
- Hacker Tools Hardware
- Pentest Tools Online
- Hacking Tools For Pc
- Hack Tools Mac
- Android Hack Tools Github
- Hack And Tools
- Hacker Tools Mac
- Pentest Tools Url Fuzzer
- Hacking Tools Windows 10
- Hacking Tools For Windows
- Hack Tools For Mac
- Hacker Tools Linux
- Pentest Tools Review
- Hacking Tools For Beginners
- Pentest Tools Tcp Port Scanner
- Hacking Tools 2020
- What Is Hacking Tools
- Hacking Tools Free Download
- Hacking Tools Name
- Easy Hack Tools
- Hacking Tools For Beginners
- Pentest Tools Nmap
- Hacker Tools 2019
- Hack Tools For Mac
- Hack And Tools
- Hacker Tools Software
- Usb Pentest Tools
- Hack Tool Apk No Root
- Hacker Tools Apk
- Pentest Tools Linux
- Hacker Tools For Mac
- Pentest Tools For Ubuntu
- Bluetooth Hacking Tools Kali
- Hacker Hardware Tools
- Pentest Tools Tcp Port Scanner
- Growth Hacker Tools
- Kik Hack Tools
- Hack Tools For Pc
- Hacker Tools List
- Nsa Hack Tools Download
- Easy Hack Tools
- Hack Tools Pc
- Hack Tools Mac
- Hack Tools For Ubuntu
- Nsa Hack Tools
- Top Pentest Tools
- Hacker Tools Apk
- Hack Tools For Games
- Hack Tools For Windows
- Hacking Tools And Software
- Hacking Tools Free Download
- Hack Tools
- Bluetooth Hacking Tools Kali
- Pentest Tools Github
- Pentest Tools For Android
- Hacker Tools Hardware
- Hack And Tools
posted by safer cooler greener at
6:31 PM
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home