Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

Related posts

1. Hacking Tools Name
2. Pentest Tools Open Source
3. Hacking Tools For Windows 7
4. Growth Hacker Tools
5. Hacker Tools Free
6. Tools Used For Hacking
7. Hacking Tools Name
8. Hack Tool Apk
9. Beginner Hacker Tools
10. Ethical Hacker Tools
11. Tools 4 Hack
12. Kik Hack Tools
13. Pentest Tools Url Fuzzer
14. Hack Tools Pc
15. Pentest Tools Subdomain
16. Hacking Tools For Kali Linux
17. Hack App
18. Kik Hack Tools
19. Pentest Tools For Mac
20. What Are Hacking Tools
21. Hack And Tools
22. Ethical Hacker Tools
23. Hack Tools Online
24. Pentest Tools Tcp Port Scanner
25. Hacking App
26. Nsa Hacker Tools
27. Free Pentest Tools For Windows
28. Tools 4 Hack
29. Hacks And Tools
30. Hack Tools Github
31. Tools For Hacker
32. Physical Pentest Tools
33. Usb Pentest Tools
34. Easy Hack Tools
35. Pentest Box Tools Download
36. New Hack Tools
37. Pentest Tools For Windows
38. Pentest Tools Kali Linux
39. Hack Tools For Games
40. How To Make Hacking Tools
41. Pentest Tools Bluekeep
42. Black Hat Hacker Tools
43. Pentest Tools For Windows
44. Pentest Tools Find Subdomains
45. Hack Tools For Windows
46. Hacker Tool Kit
47. Hacking Tools Online
48. Hacker Tools Hardware
49. Tools Used For Hacking
50. Hacker Tools Online
51. Hacker Security Tools
52. Hacker Tools Apk Download
53. How To Make Hacking Tools
54. Hacker Tools Github
55. Hacker Techniques Tools And Incident Handling
56. Hacker Hardware Tools
57. Pentest Tools Windows
58. Pentest Tools Kali Linux
59. Pentest Tools Alternative
60. Tools Used For Hacking
61. Hackrf Tools
62. Hacker Tools Hardware
63. Pentest Tools Alternative
64. Hacker Security Tools
65. Hack Tools Github
66. Hacks And Tools
67. Hacker
68. Pentest Tools Website Vulnerability
69. Hack App
70. Hack Tool Apk
71. Pentest Tools Tcp Port Scanner
72. Pentest Reporting Tools
73. Pentest Tools Open Source
74. Hak5 Tools
75. Pentest Tools Website Vulnerability
76. Pentest Tools For Android
77. Hack Tools For Mac
78. Nsa Hacker Tools
79. Hacking Tools For Beginners
80. Hacking Tools Free Download
81. Hack Tools
82. Hack Tools Github
83. Blackhat Hacker Tools
84. Physical Pentest Tools
85. Hack Tools Pc
86. How To Hack
87. Best Hacking Tools 2020
88. Termux Hacking Tools 2019
89. Hacking App
90. Hacking Tools Free Download
91. Hacker Tools Hardware
92. Wifi Hacker Tools For Windows
93. Hacker Techniques Tools And Incident Handling
94. Hacking Tools For Games
95. Tools 4 Hack
96. Hacker Tools Windows
97. Hacker Hardware Tools
98. Hacking Tools For Beginners
99. Pentest Tools Url Fuzzer
100. Hack Rom Tools
101. Hack Tools
102. Hack Website Online Tool
103. Hack Tools
104. Hack Tool Apk
105. Hacking Tools For Games
106. Hack Tool Apk
107. Pentest Automation Tools