lunes, 29 de mayo de 2023

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




More articles
  1. World No 1 Hacker Software
  2. Hack Tools Download
  3. Hacker Tools Linux
  4. Hacker Tools Mac
  5. Install Pentest Tools Ubuntu
  6. Pentest Recon Tools
  7. New Hacker Tools
  8. Nsa Hack Tools Download
  9. Hacking Tools Windows 10
  10. Hacker Tools For Windows
  11. What Is Hacking Tools
  12. Hacking Tools And Software
  13. New Hacker Tools
  14. Hacking Tools Pc
  15. How To Hack
  16. How To Install Pentest Tools In Ubuntu
  17. Hacker Tools Free
  18. Beginner Hacker Tools
  19. Pentest Tools Tcp Port Scanner
  20. Usb Pentest Tools
  21. Growth Hacker Tools
  22. Pentest Tools Find Subdomains
  23. Ethical Hacker Tools
  24. Best Hacking Tools 2019
  25. New Hacker Tools
  26. What Is Hacking Tools
  27. Pentest Tools Port Scanner
  28. Hacking Tools For Games
  29. Hacking Tools Kit
  30. Pentest Tools Download
  31. Hacker Tools 2020
  32. Hacker Tools
  33. Physical Pentest Tools
  34. Tools For Hacker
  35. Pentest Reporting Tools
  36. Hacking Tools Mac
  37. Tools 4 Hack
  38. Hacker Tools Mac
  39. Hacking Tools Pc
  40. Wifi Hacker Tools For Windows
  41. Hacker Tools Software
  42. Hack Tools
  43. Hack App
  44. Hack Tool Apk
  45. Hack Tools For Games
  46. Hack Tools Pc
  47. Hacker Tools 2020
  48. Pentest Tools For Android
  49. Pentest Tools For Ubuntu
  50. Best Hacking Tools 2019
  51. Hack And Tools
  52. Pentest Tools Bluekeep
  53. Hacking Tools Hardware
  54. Pentest Tools Online
  55. Hak5 Tools
  56. Free Pentest Tools For Windows
  57. Hacker Tools For Windows
  58. Pentest Tools Github
  59. Pentest Recon Tools
  60. New Hack Tools
  61. Hack Tools Online
  62. Hacker Search Tools
  63. Hacking Tools Usb
  64. Hacking Tools And Software
  65. Usb Pentest Tools
  66. Hacking Tools Name
  67. How To Install Pentest Tools In Ubuntu
  68. Hacking Tools For Mac
  69. Pentest Tools Android
  70. Pentest Tools Find Subdomains
  71. Pentest Tools Free
  72. Hacking Tools Windows 10
  73. Wifi Hacker Tools For Windows
  74. Hack Tools For Pc
  75. Hacker Tools Online
  76. Hacking Tools Pc
  77. New Hacker Tools
  78. Hacking Tools Kit
  79. Hacking Tools Name
  80. What Are Hacking Tools
  81. Hacking Tools For Kali Linux
  82. Hacker Techniques Tools And Incident Handling
  83. Hacking Tools Name
  84. Pentest Tools Website
  85. Easy Hack Tools
  86. Hacking Tools For Windows
  87. Hacking Tools Usb
  88. Hacking Tools Mac
  89. Hacking Tools Hardware
  90. Pentest Tools Nmap
  91. Hacker Tools Windows
  92. Pentest Tools Online
  93. Blackhat Hacker Tools
  94. Pentest Tools Windows
  95. Hacker Tools Online
  96. Hack Tools For Pc
  97. Hacker Tools 2020
  98. Hack Tools
  99. Hack Tools Online
  100. Pentest Tools Android
  101. Pentest Tools For Windows
  102. Hacker Tools Github
  103. Pentest Tools Github
  104. Hacking Tools Github
  105. New Hacker Tools
  106. Hacker Techniques Tools And Incident Handling
  107. Hack Tools Github
  108. Install Pentest Tools Ubuntu
  109. Hacking Tools For Beginners
  110. Hak5 Tools
  111. Best Hacking Tools 2019
  112. Pentest Tools Alternative
  113. Nsa Hack Tools Download
  114. Hacker Tools Free
  115. Pentest Tools Website Vulnerability
  116. Pentest Tools
  117. Hackrf Tools
  118. Pentest Tools Url Fuzzer
  119. Hackers Toolbox
  120. Pentest Tools Windows
  121. New Hacker Tools
  122. Tools 4 Hack
  123. Pentest Tools Windows
  124. Hacks And Tools
  125. Hack Tools 2019
  126. Hacker Tools 2019
  127. Hacking Tools Name
  128. Hack Tools Mac
  129. Hacking Tools Online
  130. Pentest Tools Subdomain
  131. Hacking Tools Pc
  132. Pentest Tools Windows
  133. Hacker Techniques Tools And Incident Handling
  134. Install Pentest Tools Ubuntu
  135. Wifi Hacker Tools For Windows
  136. Pentest Tools Android
  137. Hacking Apps
  138. Hacking Tools For Windows
  139. Android Hack Tools Github
  140. Hacking Tools For Windows
  141. Growth Hacker Tools
  142. Nsa Hack Tools Download
  143. Nsa Hack Tools Download
  144. Best Hacking Tools 2020
  145. Hacker Tools Software
  146. Hack Tools Online
  147. Pentest Tools Android
  148. Hack Tools For Pc
  149. Hacking Tools Windows
  150. Pentest Tools Github
  151. Hack Tool Apk No Root
  152. Hacking Tools Windows 10
  153. New Hacker Tools
  154. Pentest Tools Free
  155. Hacking Tools For Games
  156. Hacking Tools For Windows
  157. Hacker Hardware Tools
  158. Pentest Tools Android
  159. Hack Tools 2019
  160. Hack Rom Tools
  161. Pentest Tools Website Vulnerability
  162. Hacker Tools 2019
  163. Hacker Tool Kit
  164. Hack Tools For Games
  165. Hacker Hardware Tools
  166. Hack Tool Apk No Root
  167. Hacker Tools Free
  168. How To Make Hacking Tools
  169. Hacker Tools Windows

No hay comentarios: