RSS


Security Surprises On Firefox Quantum

0
Posted by KP-3မိသားစု |

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:



Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




Related links


  1. Hacking Tools For Games
  2. Pentest Tools
  3. Pentest Tools Download
  4. Pentest Tools Apk
  5. Hacker Tools For Windows
  6. Hacking Tools Free Download
  7. Hacker Tools Github
  8. Pentest Tools Subdomain
  9. Hacker Tool Kit
  10. Hacker Tools Linux
  11. Pentest Tools Find Subdomains
  12. Hacking Tools Name
  13. Pentest Tools Github
  14. Pentest Tools Windows
  15. Hackrf Tools
  16. Hack Tools
  17. Hack Tools 2019
  18. Pentest Reporting Tools
  19. Hacking Tools 2019
  20. Pentest Tools Find Subdomains
  21. Hacker Tools Free
  22. Hack Tools For Windows
  23. Hack Apps
  24. Hacking Tools For Games
  25. Hack Tools
  26. Pentest Tools Linux
  27. Hacker
  28. Hacking Tools 2019
  29. Pentest Tools Free
  30. Wifi Hacker Tools For Windows
  31. What Are Hacking Tools
  32. Hack Website Online Tool
  33. Hacking Tools Windows 10
  34. Hacker
  35. Hacker Tools List
  36. Hacker Tools Mac
  37. Hack App
  38. Hacking Tools And Software
  39. Hacking Tools For Windows Free Download
  40. Hack Tools
  41. Pentest Tools Subdomain
  42. Hak5 Tools
  43. Game Hacking
  44. Hacking Tools For Mac
  45. Hacker Tools For Mac
  46. Best Hacking Tools 2019
  47. Tools Used For Hacking
  48. Hacking Tools 2019
  49. Pentest Tools Online
  50. Hack Tools Pc
  51. Hacker Tools List
  52. Free Pentest Tools For Windows
  53. Computer Hacker
  54. Hacker Tool Kit
  55. Hacking Tools For Beginners
  56. Pentest Tools Alternative
  57. Hack Tools For Games
  58. Top Pentest Tools
  59. Pentest Tools Framework
  60. Hacker Tools List
  61. Pentest Tools Online
  62. Pentest Tools Github
  63. Underground Hacker Sites
  64. Pentest Tools Website Vulnerability
  65. Pentest Tools
  66. Hacker Tools For Mac
  67. Pentest Tools Review
  68. Hacker Tool Kit
  69. Pentest Tools Alternative
  70. Github Hacking Tools
  71. Hacker Tools Free Download
  72. Hacker Tools Software
  73. Kik Hack Tools
  74. Hacking Tools Github
  75. Hacking Tools 2019
  76. Hacking Tools Github
  77. Hack Apps
  78. What Are Hacking Tools
  79. Hacker Tools For Windows
  80. Pentest Tools Website
  81. Pentest Tools Online
  82. Termux Hacking Tools 2019
  83. Hack Tools
  84. Hacker Tools For Windows
  85. Hacking Tools Usb
  86. Hacker Tools Apk Download
  87. Hacking Tools Download
  88. Usb Pentest Tools
  89. Pentest Tools Windows
  90. Pentest Tools Download
  91. Hacker Tools Hardware
  92. Hacking Tools Software
  93. Hacking Apps
  94. Hacking Apps
  95. Hacking Tools Name
  96. Hacker Tools
  97. Hack Tools Github
  98. Hacker Tools Apk
  99. Computer Hacker
  100. Kik Hack Tools
  101. Hack Apps
  102. Pentest Tools Subdomain
  103. Hacking Tools
  104. Hack Tools For Windows
  105. Hacking Tools Online
  106. Pentest Tools Review
  107. Hacking Tools For Windows 7
  108. Install Pentest Tools Ubuntu
  109. Hacking Tools For Pc
  110. How To Hack



Related Post:

Read more »

0 comments:

Post a Comment

2010 Hi There Theme designed by Wordpress Theme| Blogger Templates by Blogger Template | Bollywood Movie Wallpaper