Sunday, June 4, 2023

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




More articles
  1. Hacking Tools Windows
  2. Hacker Tools 2019
  3. Hacking Tools Software
  4. Pentest Tools Framework
  5. Hacker Tools Mac
  6. Pentest Reporting Tools
  7. Kik Hack Tools
  8. Github Hacking Tools
  9. Pentest Tools Tcp Port Scanner
  10. Pentest Tools Find Subdomains
  11. Hacking Tools For Windows Free Download
  12. Nsa Hack Tools
  13. Hack Rom Tools
  14. Pentest Tools Framework
  15. Game Hacking
  16. Hacking Tools Windows 10
  17. Hacking Tools Windows 10
  18. Android Hack Tools Github
  19. Pentest Tools Bluekeep
  20. Pentest Tools For Windows
  21. Tools Used For Hacking
  22. Hack And Tools
  23. Hackers Toolbox
  24. Hacking App
  25. Tools For Hacker
  26. Pentest Tools For Ubuntu
  27. Best Pentesting Tools 2018
  28. Pentest Recon Tools
  29. Install Pentest Tools Ubuntu
  30. Hacker Tools 2020
  31. Hacker Tools Apk
  32. Hack And Tools
  33. Hack Tools
  34. Hack Tools Github
  35. Hack Tools Pc
  36. Hack Tools Download
  37. Pentest Tools Url Fuzzer
  38. Hacker Tools Apk
  39. Hacker Search Tools
  40. Pentest Tools Url Fuzzer
  41. Hacker Tools 2020
  42. Pentest Tools Free
  43. Hacking Tools For Pc
  44. Tools 4 Hack
  45. How To Make Hacking Tools
  46. Hack Rom Tools
  47. Best Hacking Tools 2019
  48. Hacker Tools 2020
  49. Tools Used For Hacking
  50. Hacking Tools Mac
  51. Hacker Tools For Ios
  52. Hacking Tools For Games
  53. Pentest Tools Framework
  54. Best Pentesting Tools 2018
  55. Hacker Tools Github
  56. World No 1 Hacker Software
  57. What Is Hacking Tools
  58. Growth Hacker Tools
  59. How To Make Hacking Tools
  60. Hack Tools
  61. Hacker Tools Apk
  62. Pentest Reporting Tools
  63. Pentest Tools Online
  64. Android Hack Tools Github
  65. Hacker Tools Online
  66. New Hack Tools
  67. Pentest Tools For Mac
  68. Top Pentest Tools
  69. Hacker Tools Apk Download
  70. Hack Tools 2019
  71. Hack App
  72. Nsa Hacker Tools
  73. Hacking Tools For Games
  74. Hackers Toolbox
  75. Hacker Tools
  76. Best Hacking Tools 2019
  77. Hacking Tools For Kali Linux
  78. Pentest Tools For Windows
  79. Hacker Security Tools
  80. Pentest Tools Download
  81. Hack And Tools
  82. Termux Hacking Tools 2019
  83. Hacker Tools Free
  84. Hack Tools
  85. Hacker Security Tools
  86. Hacker Security Tools
  87. Pentest Tools For Windows
  88. Hacker Tools 2020
  89. Pentest Tools List
  90. Physical Pentest Tools
  91. Hacking Tools Windows
  92. Hack Apps
  93. Hacker Tools For Windows
  94. Pentest Recon Tools
  95. Ethical Hacker Tools
  96. Hacking Tools Free Download
  97. Hacking App
  98. Hacking Tools For Mac
  99. Hackers Toolbox
  100. Best Hacking Tools 2020
  101. Wifi Hacker Tools For Windows
  102. Hacking Tools Online
  103. Tools 4 Hack
  104. Pentest Tools Apk
  105. Hacker Tools Free Download
  106. Hacker Security Tools
  107. Hacker Tools Free
  108. What Are Hacking Tools
  109. Hack Tools For Mac
  110. Hacking Tools For Windows
  111. Hacking Tools For Pc
  112. Hacker Tools Free
  113. Hacker Tools 2020
  114. Hacking Tools Free Download
  115. What Are Hacking Tools
  116. Hacking Tools Online
  117. Best Hacking Tools 2019
  118. Pentest Tools Website Vulnerability
  119. Pentest Tools Alternative
  120. Computer Hacker
  121. Pentest Tools Open Source
  122. Hack Tools
  123. Game Hacking
  124. Pentest Tools Framework
  125. Hacker Tools For Pc
  126. Hacking Tools Free Download
  127. Pentest Tools Bluekeep
  128. Android Hack Tools Github
  129. Hacking Tools
  130. Pentest Reporting Tools
  131. Pentest Tools Nmap
  132. Tools For Hacker
  133. Hacker Tools
  134. Hack Website Online Tool
  135. Pentest Tools Website
  136. Hacker Search Tools
  137. Kik Hack Tools
  138. Physical Pentest Tools
  139. Hacker Tools Online
  140. Hack Tools For Games
  141. Hacking Tools 2020
  142. Hack Tools Github
  143. Nsa Hacker Tools
  144. Hack Tools For Pc
  145. Nsa Hack Tools
  146. Hacking Tools And Software
  147. Pentest Tools Kali Linux
  148. Beginner Hacker Tools
  149. Hacking Tools For Windows Free Download
  150. Kik Hack Tools
  151. Hack Tools 2019
  152. Hackers Toolbox
  153. Hack Tools For Windows
  154. Hacker Tools 2019
  155. Best Hacking Tools 2020
  156. Hack Tools Online
  157. Hacker Tools For Windows
  158. Hacking Tools And Software
  159. Hack Tools For Pc
  160. Pentest Tools Url Fuzzer
  161. Hacks And Tools
  162. Hack Tools Online
  163. Pentest Recon Tools
  164. Hacker Tools Github
  165. Tools For Hacker
  166. Hacking App
  167. Nsa Hack Tools
  168. Hacker Tools Windows
  169. Pentest Tools Framework
  170. Pentest Tools Subdomain
  171. Hack Tools
  172. Pentest Tools Alternative
  173. Pentest Tools Website Vulnerability

No comments:

Post a Comment