Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




Related word


  1. Hack Apps
  2. Hacking Tools For Windows
  3. Hackrf Tools
  4. Hack Tools Pc
  5. Hacker Tool Kit
  6. Black Hat Hacker Tools
  7. Ethical Hacker Tools
  8. Hacker Hardware Tools
  9. Hacking Tools For Games
  10. Hacking Tools Windows 10
  11. Tools Used For Hacking
  12. Hacker Tools For Ios
  13. Hacking Tools And Software
  14. Hacking Tools Hardware
  15. Pentest Tools Port Scanner
  16. Pentest Tools List
  17. Hackers Toolbox
  18. Hacker Search Tools
  19. Pentest Recon Tools
  20. Pentest Tools For Android
  21. Hack Apps
  22. Hacking Tools For Mac
  23. Hacker Security Tools
  24. Pentest Tools Tcp Port Scanner
  25. Nsa Hacker Tools
  26. Blackhat Hacker Tools
  27. Tools For Hacker
  28. Hack Tools Pc
  29. Hacking Tools For Beginners
  30. Hacker Tools Hardware
  31. Pentest Tools List
  32. Hacking Tools Pc
  33. Pentest Automation Tools
  34. Pentest Tools Url Fuzzer
  35. Hacker Tools Software
  36. Hacker Hardware Tools
  37. Nsa Hacker Tools
  38. Hacking Tools Software
  39. Hack Tools Github
  40. Hack Tools For Games
  41. Hacker Tools Free Download
  42. Hacks And Tools
  43. Pentest Tools For Mac
  44. Hacking Tools Kit
  45. Hack Tools For Ubuntu
  46. Hacking Tools And Software
  47. Pentest Tools Website
  48. How To Install Pentest Tools In Ubuntu
  49. Free Pentest Tools For Windows
  50. Blackhat Hacker Tools
  51. Hacking Tools For Mac
  52. Hacking Tools Free Download
  53. Hacker Techniques Tools And Incident Handling
  54. Hacking Tools Pc
  55. Underground Hacker Sites
  56. Hack Tools
  57. How To Hack
  58. Hacking Tools Hardware
  59. Pentest Tools Nmap
  60. Hacker Tool Kit
  61. Hacking Tools Hardware
  62. Hacking Tools Pc
  63. Best Hacking Tools 2019
  64. Hacker Tools Windows
  65. Hacking Tools For Windows 7
  66. Hackers Toolbox
  67. What Is Hacking Tools
  68. Hacker Tools For Windows
  69. Github Hacking Tools
  70. Pentest Tools Online
  71. Hacker Tools Windows
  72. Hacking Tools For Windows 7
  73. Hacking Tools For Windows Free Download
  74. Hacker Security Tools
  75. Hacking Tools 2019
  76. Hacker Tools Apk Download
  77. Pentest Tools List
  78. Pentest Tools Alternative
  79. Hacking Tools For Kali Linux
  80. Hacking Tools Windows 10
  81. Hacker Tools Hardware
  82. Hacking Tools
  83. Hak5 Tools
  84. Hacker Tools Free Download
  85. Hacker Tools Windows
  86. Hack Tools Download
  87. Hacker Tools Free
  88. Hacker Tool Kit
  89. Best Hacking Tools 2020
  90. Nsa Hack Tools Download
  91. Pentest Tools Windows
  92. Pentest Tools Android
  93. Hacking Tools Mac
  94. Pentest Tools Bluekeep
  95. Game Hacking
  96. Pentest Tools Framework
  97. Pentest Tools For Android
  98. Hacker Tool Kit
  99. New Hack Tools
  100. Hacking Tools For Beginners
  101. Hacker Tools
  102. Hacker Tools For Windows
  103. Hacking Tools Download
  104. Hack Tools For Games
  105. Hacking Tools For Mac
  106. Hacker Tools Windows

Yorumlar

Yorum Gönder

Bu blogdaki popüler yayınlar

5510 Interesting News

Will bond vigilantes come for America's next president? Economic data, commodities and markets Norway's weak currency presents a mystery Will Americans be bowled over by cricket—again? After a year of war, Sudan is a failing state The unfair trial of Jimmy Lai begins in Hong Kong Mozambique's ruling party wins a dodgy election The EU hits China's carmakers with hefty new tariffs What if China and India became friends? Nigel Farage and his 'historic mission': on the ground with Reform UK – podcast Will Labour be better at tackling dirty money than the Tories? Time to go How Trump Could Actually Increase Fossil Fuel Production Western multinationals' Russian dilemmas What's an Influencer? The Complete WIRED Guide The bloodshed in Gaza is set to rage through Ramadan Why Indonesia's horror films are booming Iran rethinks its role as a regional troublemaker Donald Trump claims victory Maia Sandu, Moldova's president, dares to stand up to Russia China...
Devamı

5534 Interesting News

Sean Baker's films bring sex work into the light Antonio Bolívar died on April 30th We Hand-Picked the 45 Best Deals From the 2025 REI Anniversary Sale Concerts and Airports Hit by Measles Exposures. Do You Need Another Measles Booster? This week's cover Brazilian supercows are taking over the world Should rich countries pay for climate damage in poor ones? Annual inflation of 114% is pushing Argentina to the right Mario Kart World was initially planned for the original Switch Xi Jinping and China face another tough year Common sense is not actually very common As a rich-world covid-vaccine glut looms, poor countries miss out China's economy is suffering from long covid No Straight Road Takes You There by Rebecca Solnit review – an activist's antidote to despair China's ties with Russia are growing more solid Kamala Harris moves ahead—just—in our final election forecast The prospect of a Trump presidency looms over Mexico's elections The strategic reverberations...
Devamı

5510 Interesting News

South-East Asia is in the grip of a record-breaking heatwave This week's covers After 100 brutal days, Javier Milei has markets believing In Congo, a desperate struggle to control the deadly mpox outbreak The Pentagon is hurrying to find new explosives Hey Siri! Help me get Apple out of an AI-shaped hole A Lethal Mystery Illness Spread in Congo. USAID Cuts Have Slowed the Response Scientists have found a new kind of magnetic material Welsh voters think their government has mismanaged public services. Rightly Why people have fallen out of love with dating apps Economic data, commodities and markets Donald Trump is targeting Mexico like no other country Germany's economy goes from bad to worse iPad Air M3 review: A modest update that's still easy to recommend China is using archaeology as a weapon The world is (still) failing to come close to its climate goals The Guardian view on Rodrigo Duterte in The Hague: a warning to rogue leaders | Editorial Augmented reality offers a ...
Devamı