Friday, January 19, 2024

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




More information


  1. Hacking Tools Windows 10
  2. Hackrf Tools
  3. Pentest Tools Download
  4. Hacker Tools Online
  5. Pentest Tools Apk
  6. Pentest Tools Review
  7. Hack Tool Apk
  8. Hacking Tools And Software
  9. Pentest Tools Bluekeep
  10. Pentest Tools Apk
  11. What Are Hacking Tools
  12. Hacker Hardware Tools
  13. Hack Tools For Pc
  14. Pentest Tools Bluekeep
  15. Hack Tools Online
  16. Hacker Tools Free
  17. Hacking Tools For Kali Linux
  18. Pentest Tools Website Vulnerability
  19. Hacking Tools Hardware
  20. Hack Tools Mac
  21. Pentest Tools Bluekeep
  22. Pentest Tools Url Fuzzer
  23. Hack App
  24. Blackhat Hacker Tools
  25. Hacking App
  26. Hacker Tools Mac
  27. Physical Pentest Tools
  28. Best Hacking Tools 2020
  29. Hacker Tools Github
  30. Hack Tool Apk No Root
  31. Hacks And Tools
  32. Android Hack Tools Github
  33. Pentest Tools For Ubuntu
  34. Hack Tools Pc
  35. Nsa Hack Tools
  36. Pentest Tools Review
  37. Hacking Tools Kit
  38. Hack Tools For Ubuntu
  39. Pentest Tools Linux
  40. Hack Tools
  41. Pentest Tools Kali Linux
  42. Free Pentest Tools For Windows
  43. Termux Hacking Tools 2019
  44. Hacker Tools List
  45. Hacker Security Tools
  46. Hacker Tools Software
  47. Hacking Tools For Mac
  48. World No 1 Hacker Software
  49. Pentest Tools Github
  50. Nsa Hack Tools
  51. Github Hacking Tools
  52. Pentest Tools Subdomain
  53. Hack Tools Pc
  54. Hacks And Tools
  55. Hacking Tools For Windows 7
  56. Pentest Tools Windows
  57. Hack Tool Apk
  58. Hacking Tools For Windows
  59. Hacking Tools Windows 10
  60. Hacker Tools For Windows
  61. Hacking Tools For Windows
  62. Pentest Tools Tcp Port Scanner
  63. Hack Tools Github
  64. Hacker Tool Kit
  65. Hacking App
  66. Nsa Hack Tools
  67. Hacker Security Tools
  68. Pentest Tools Download
  69. Hacker Hardware Tools
  70. Tools For Hacker
  71. Hacker Tool Kit
  72. Hacking Tools Free Download
  73. Hacking Tools For Mac
  74. Pentest Tools Free
  75. What Is Hacking Tools
  76. Hacker Tools Online
  77. Top Pentest Tools
  78. Hacker Tools 2019
  79. Hack Tools For Games
  80. Pentest Tools Framework
  81. Hacker Tools Online
  82. World No 1 Hacker Software
  83. Hacker
  84. Game Hacking
  85. Pentest Tools Apk
  86. Hacker Tools List
  87. Top Pentest Tools
  88. Hacking Tools Mac
  89. Hacking Tools For Kali Linux
  90. Hacker Hardware Tools
  91. Nsa Hacker Tools
  92. Hack Tools Pc
  93. Hack Tools
  94. Usb Pentest Tools
  95. Best Pentesting Tools 2018
  96. Hacker Hardware Tools
  97. Pentest Tools Url Fuzzer
  98. Pentest Tools Review
  99. Physical Pentest Tools
  100. Pentest Tools Free
  101. Nsa Hack Tools Download
  102. Hacking Tools Kit

No comments:

Post a Comment