2020年8月22日星期六

Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:


Firefox Quantum version:



The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip




The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.




Related posts
  1. Hacking Tools 2019
  2. Github Hacking Tools
  3. How To Install Pentest Tools In Ubuntu
  4. Hacker Tools Free Download
  5. Hacker Techniques Tools And Incident Handling
  6. Pentest Tools
  7. Pentest Reporting Tools
  8. Best Hacking Tools 2019
  9. Hacking Tools Name
  10. Pentest Tools Windows
  11. Pentest Tools Subdomain
  12. How To Hack
  13. What Are Hacking Tools
  14. Hack Tools 2019
  15. Pentest Tools For Android
  16. Hacking Tools Pc
  17. Physical Pentest Tools
  18. Hacking Tools For Windows 7
  19. Hack Tools For Pc
  20. Hack Tools
  21. Computer Hacker
  22. Android Hack Tools Github
  23. New Hack Tools
  24. Hack Tool Apk
  25. Hack Tool Apk No Root
  26. Hack Tool Apk
  27. Hacker Tools Software
  28. Pentest Tools Port Scanner
  29. Pentest Tools Framework
  30. Game Hacking
  31. Hack Tool Apk
  32. Hacker Tools Free
  33. Usb Pentest Tools
  34. Bluetooth Hacking Tools Kali
  35. Best Hacking Tools 2019
  36. Pentest Tools Open Source
  37. Pentest Tools Download
  38. Hacking Tools Kit
  39. Hacker Tools List
  40. Pentest Tools Subdomain
  41. Usb Pentest Tools
  42. Hacking Tools For Kali Linux
  43. Github Hacking Tools
  44. Wifi Hacker Tools For Windows
  45. Hacker Techniques Tools And Incident Handling
  46. Blackhat Hacker Tools
  47. Hacker Tools Github
  48. Pentest Tools Open Source
  49. Hack Tools For Pc
  50. Hacking Tools For Kali Linux
  51. Hacker Tools 2019
  52. Pentest Tools For Ubuntu
  53. Hack Tools Github
  54. Pentest Tools Online
  55. Ethical Hacker Tools
  56. Pentest Tools Find Subdomains
  57. Tools 4 Hack
  58. Physical Pentest Tools
  59. Ethical Hacker Tools
  60. Pentest Tools For Windows
  61. Pentest Tools Android
  62. Kik Hack Tools
  63. Hacking Tools Github
  64. Hacker Tools Free Download
  65. Hacker Tools Free
  66. Hack Tools For Mac
  67. Pentest Tools Find Subdomains
  68. Hacker Tools Software
  69. Install Pentest Tools Ubuntu
  70. Black Hat Hacker Tools
  71. Pentest Tools Subdomain
  72. Hacking Tools And Software
  73. Blackhat Hacker Tools
  74. Free Pentest Tools For Windows
  75. How To Install Pentest Tools In Ubuntu
  76. Pentest Box Tools Download
  77. Pentest Tools Bluekeep
  78. How To Hack
  79. Bluetooth Hacking Tools Kali
  80. Hack Tools Download
  81. Hacker Tools Mac
  82. Hacking Tools Github
  83. Computer Hacker
  84. Hack Tools Online
  85. Hack Website Online Tool
  86. Android Hack Tools Github
  87. Hack Tools 2019
  88. Computer Hacker
  89. Termux Hacking Tools 2019
  90. Wifi Hacker Tools For Windows
  91. Pentest Tools Nmap
  92. Pentest Tools Website
  93. Hack Tool Apk No Root
  94. Hacking Tools Github
  95. Hacking Tools 2020
  96. Hacking Tools Usb
  97. Hacking Tools 2019
  98. Hacker Tools For Windows
  99. Hacker Tools Apk
  100. Hacking Apps
  101. Pentest Automation Tools
  102. Tools For Hacker
  103. Pentest Tools Open Source
  104. Hacking Apps
  105. Hacker
  106. Hacking Tools For Games
  107. Pentest Tools Alternative
  108. Hack Tools For Mac
  109. Hack Tools Pc
  110. Pentest Tools List
  111. Hack Tool Apk
  112. Pentest Tools Github
  113. Hack Tools For Ubuntu
  114. Hacking Tools Mac
  115. Bluetooth Hacking Tools Kali
  116. Hacker Tools 2019
  117. Hack Rom Tools
  118. Hacking App
  119. Game Hacking
  120. Hacker Tools For Ios
  121. Hacker Tools 2020
  122. Hacking Tools Name
  123. Pentest Tools Android
  124. Hacking Tools Pc
  125. Hacker Hardware Tools
  126. How To Install Pentest Tools In Ubuntu
  127. Hack Tools Download
  128. Hacking Tools Name
  129. Pentest Automation Tools
  130. Pentest Tools
  131. Hacking Tools 2019
  132. New Hacker Tools
  133. Hacker Tools For Windows
  134. Hacker Tools For Ios
  135. Pentest Tools Framework
  136. Tools 4 Hack
  137. World No 1 Hacker Software
  138. Nsa Hack Tools
发帖者 时间:

没有评论:

发表评论

订阅: 博文评论 (Atom)