Monday, January 22, 2024

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




More articles


  1. Hacker Tools Apk
  2. Game Hacking
  3. Pentest Tools Online
  4. Hacking Tools For Games
  5. Pentest Tools Kali Linux
  6. Hacker Tools Free
  7. Usb Pentest Tools
  8. Hack Rom Tools
  9. Hack Tools Pc
  10. Kik Hack Tools
  11. Best Pentesting Tools 2018
  12. Hack Tools Github
  13. Hacking Tools For Windows 7
  14. Hacking Tools For Kali Linux
  15. Pentest Automation Tools
  16. Hacking Tools 2019
  17. Pentest Tools Open Source
  18. Hacking Tools Github
  19. Install Pentest Tools Ubuntu
  20. Pentest Tools Windows
  21. Growth Hacker Tools
  22. Pentest Tools Android
  23. Hacker Tools 2019
  24. Ethical Hacker Tools
  25. Hacking Tools Kit
  26. Top Pentest Tools
  27. Hacker Tools Mac
  28. New Hack Tools
  29. Pentest Tools Tcp Port Scanner
  30. Pentest Tools Open Source
  31. Hacking Tools For Pc
  32. How To Install Pentest Tools In Ubuntu
  33. Pentest Tools Website
  34. Kik Hack Tools
  35. Hacker Tools Apk Download
  36. Pentest Tools Kali Linux
  37. Easy Hack Tools
  38. Hacking Tools For Mac
  39. Pentest Tools Alternative
  40. Hacker Tools Linux
  41. Pentest Tools Free
  42. Beginner Hacker Tools
  43. Hacking Tools Windows
  44. How To Hack
  45. New Hack Tools
  46. Pentest Box Tools Download
  47. Hack Tools Download
  48. Hacker Tools Hardware
  49. Hack Tools
  50. Hack Tools For Games
  51. Best Hacking Tools 2020
  52. Growth Hacker Tools
  53. How To Make Hacking Tools
  54. Pentest Tools Linux
  55. Hacker Tools Linux
  56. Hack Rom Tools
  57. Physical Pentest Tools
  58. Pentest Automation Tools
  59. Hack Apps
  60. Hack And Tools
  61. Wifi Hacker Tools For Windows
  62. Hacking Tools And Software
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog