segunda-feira, 29 de maio de 2023

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




Related news


  1. Hack Tools Online
  2. What Is Hacking Tools
  3. Free Pentest Tools For Windows
  4. Physical Pentest Tools
  5. Hacker Tools 2020
  6. Hack Tools
  7. Hacking Tools Name
  8. Black Hat Hacker Tools
  9. Hacker Tool Kit
  10. Hacking Tools For Windows 7
  11. Hacking Tools Windows 10
  12. Hacker Tools Online
  13. Pentest Tools Port Scanner
  14. Pentest Tools Alternative
  15. Hacker Tools Hardware
  16. Pentest Recon Tools
  17. Pentest Tools Review
  18. Hacker Tools Free Download
  19. Hacker Tools For Windows
  20. Beginner Hacker Tools
  21. Hacker Tools For Windows
  22. Hacker Tools Hardware
  23. Pentest Tools Download
  24. Ethical Hacker Tools
  25. How To Install Pentest Tools In Ubuntu
  26. Hackrf Tools
  27. Hacking Tools Online
  28. Hacker Tools Apk
  29. Hacker Techniques Tools And Incident Handling
  30. What Is Hacking Tools
  31. Hack Tools Download
  32. Hacking Tools And Software
  33. Hacking Tools 2019
  34. Pentest Tools Apk
  35. Pentest Tools Bluekeep
  36. Hacking Tools Software
  37. Hacker Security Tools
  38. Ethical Hacker Tools
  39. Hacker Tools 2020
  40. How To Hack
  41. Hack Tool Apk No Root
  42. Free Pentest Tools For Windows
  43. Hack Tools Download
  44. Easy Hack Tools
  45. Hacker Tools Free Download
  46. Hacker Tools For Windows
  47. Hacker Tools For Pc
  48. Hacker Tools Software
  49. Best Hacking Tools 2020
  50. Hack Tool Apk No Root
  51. Hacker Tools Apk
  52. Pentest Tools Subdomain
  53. World No 1 Hacker Software
  54. Hacking Tools For Mac
  55. Hack Tools For Games
  56. Hacker Tools
  57. Hacker Tools Online
  58. New Hacker Tools
  59. Underground Hacker Sites
  60. Hacker Tools Windows
  61. Github Hacking Tools
  62. Hacker Tools Hardware
  63. Hacking Tools Pc
  64. Pentest Tools Url Fuzzer
  65. Hack App
  66. Pentest Tools For Ubuntu
  67. Pentest Tools Nmap
  68. Pentest Tools Kali Linux
  69. Pentest Tools Review
  70. Hacker Tools Apk
  71. Pentest Tools Open Source
  72. Hack Tool Apk No Root
  73. Hacking Tools For Games
  74. What Is Hacking Tools
  75. Github Hacking Tools
  76. Hack Tools
  77. Wifi Hacker Tools For Windows
  78. Pentest Recon Tools
  79. Pentest Tools Port Scanner
  80. Hack Tools For Mac
  81. Hack Website Online Tool
  82. Hacker Tool Kit
  83. Hack App
  84. Hacking Tools Download
  85. Hack Rom Tools
  86. Hacker Tools 2019
  87. Hacker Tools 2020
  88. Hack Tool Apk
  89. Pentest Tools Android
  90. Pentest Tools Linux
  91. Install Pentest Tools Ubuntu
  92. What Are Hacking Tools
  93. Pentest Tools Windows
  94. Free Pentest Tools For Windows
  95. Black Hat Hacker Tools
  96. Bluetooth Hacking Tools Kali
  97. Hack Rom Tools
  98. Pentest Recon Tools
  99. Ethical Hacker Tools
  100. Hacker Security Tools
  101. Hacker Tools 2019
  102. Hacker Security Tools
  103. Hacking Tools For Pc
  104. Hack Tools
  105. Pentest Tools Find Subdomains
  106. Pentest Tools For Android
  107. Hacking Tools Usb
  108. Hacking Apps
  109. Hacking Tools For Kali Linux
  110. Android Hack Tools Github
  111. Hack Tools Github
  112. Hacking Tools 2019
  113. Hacker Tools Hardware
  114. Hacker Tools For Ios
  115. Hacking Tools Kit
  116. Pentest Tools Website Vulnerability
  117. Hack Tool Apk
  118. Hack Tools For Mac
  119. Hack Tools Github
  120. Hacker Tools For Ios
  121. Hack Tools For Games
  122. Hacker Tools Mac

0 comentários:

Postar um comentário