Sunday, August 30, 2020

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




Continue reading


  1. What Is Hacking Tools
  2. Hacker Security Tools
  3. Nsa Hacker Tools
  4. Hacker Tools 2020
  5. Hacking Apps
  6. Bluetooth Hacking Tools Kali
  7. Hack Tools Github
  8. Hack Rom Tools
  9. Hacking Tools Pc
  10. Usb Pentest Tools
  11. Nsa Hack Tools Download
  12. Hackrf Tools
  13. Top Pentest Tools
  14. Hack Tools Mac
  15. Hacking Tools For Beginners
  16. Pentest Tools Windows
  17. Hacker Security Tools
  18. Termux Hacking Tools 2019
  19. Android Hack Tools Github
  20. Blackhat Hacker Tools
  21. Pentest Box Tools Download
  22. Hacking Tools For Windows 7
  23. Pentest Tools Kali Linux
  24. Nsa Hacker Tools
  25. Pentest Tools Website
  26. Hack Tools
  27. Pentest Tools For Android
  28. Pentest Tools Linux
  29. Hacking Tools For Beginners
  30. Kik Hack Tools
  31. Hacking Tools For Windows
  32. Nsa Hacker Tools
  33. Hacker Tools 2020
  34. Hacking Tools For Windows Free Download
  35. Pentest Tools Open Source
  36. Pentest Tools Android
  37. Best Hacking Tools 2019
  38. Hack Tools For Mac
  39. Hacker Tools Software
  40. Nsa Hack Tools Download
  41. Pentest Tools Subdomain
  42. What Is Hacking Tools
  43. Hack Tools Mac
  44. Hacking Tools Online
  45. Hacker Tools 2019
  46. Hacking Tools Windows
  47. Hacking Tools Hardware
  48. Hacking Apps
  49. Pentest Tools Download
  50. Hack Tool Apk
  51. Hack Tools For Games
  52. Hacker Tools For Mac
  53. Hacker Tools List
  54. Black Hat Hacker Tools
  55. Growth Hacker Tools
  56. Hacker Tools For Pc
  57. Pentest Recon Tools
  58. Pentest Tools Alternative
  59. Hacker Tool Kit
  60. Hak5 Tools
  61. Pentest Tools Kali Linux
  62. Github Hacking Tools
  63. How To Install Pentest Tools In Ubuntu
  64. Top Pentest Tools
  65. Hacking Tools For Windows 7
  66. Hack Tools For Pc
  67. Pentest Tools Android
  68. Hacker Tools Free Download
  69. Hacking Tools Pc
  70. Pentest Tools Github
  71. Kik Hack Tools
  72. Usb Pentest Tools
  73. Hack Tools For Windows
  74. Pentest Automation Tools
  75. Nsa Hack Tools Download
  76. Hacking App
  77. Hack Rom Tools
  78. Hacker Tools Windows
  79. Hacking Tools Usb
  80. Underground Hacker Sites
  81. What Are Hacking Tools
  82. Hacker Tools Linux
  83. Pentest Tools Url Fuzzer
  84. Hacker Tools Free
  85. Hack Tools
  86. Hacking Tools Online
  87. Hack Tools For Mac
  88. Pentest Tools For Mac
  89. Pentest Tools Alternative
  90. Usb Pentest Tools
  91. Hacking Tools Free Download
  92. Hacking Tools Free Download
  93. Ethical Hacker Tools
  94. Pentest Tools Framework
  95. Hacker
  96. Hack Apps
  97. Termux Hacking Tools 2019
  98. Hacker Tools 2019
  99. Hacker Tools Free
  100. Hacking Tools Free Download
  101. Physical Pentest Tools
  102. Hacker Tools 2019
  103. Pentest Tools
  104. Hacking Tools For Windows Free Download
  105. Pentest Tools Find Subdomains
  106. Hacker Tools Hardware
  107. World No 1 Hacker Software
  108. Best Hacking Tools 2020
  109. Pentest Recon Tools
  110. Hack Tools
  111. Ethical Hacker Tools
  112. Beginner Hacker Tools
  113. Pentest Tools Online
  114. Pentest Tools Free
  115. Hacking Tools Mac
  116. Tools 4 Hack
  117. Hacker Tools Windows
  118. How To Install Pentest Tools In Ubuntu
  119. Hacking Tools Github
  120. Pentest Tools For Ubuntu
  121. Game Hacking
  122. Hacking Tools Download
  123. Hacking Tools Download
  124. Best Hacking Tools 2020
  125. Top Pentest Tools
  126. Hacker Tools Windows
  127. Tools 4 Hack
  128. Hacking Tools 2020
  129. Hacking Tools For Beginners
  130. Pentest Tools Website Vulnerability
  131. Easy Hack Tools
  132. Pentest Tools Open Source
  133. Android Hack Tools Github
  134. Pentest Tools Framework
  135. Pentest Tools Find Subdomains
  136. Tools For Hacker
  137. Tools 4 Hack
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)