Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

Related articles

1. Physical Pentest Tools
2. Hack Tools Mac
3. Hacking Tools For Windows Free Download
4. Pentest Tools Alternative
5. Hacker Tools Apk
6. Tools 4 Hack
7. Hacker Tools 2019
8. Nsa Hack Tools
9. Hack Tools Download
10. Pentest Tools Linux
11. Hacking Tools For Windows 7
12. Kik Hack Tools
13. Hacker Tools Software
14. Pentest Tools Open Source
15. Hack Tools 2019
16. Nsa Hacker Tools
17. Best Pentesting Tools 2018
18. Hack Tools
19. Android Hack Tools Github
20. Hack Tools
21. Pentest Reporting Tools
22. Easy Hack Tools
23. Pentest Tools For Ubuntu
24. New Hack Tools
25. Blackhat Hacker Tools
26. Pentest Recon Tools
27. Android Hack Tools Github
28. Hacks And Tools
29. Hacker Tools 2019
30. Bluetooth Hacking Tools Kali
31. Pentest Tools List
32. Hack Tool Apk
33. Hacking Apps
34. Underground Hacker Sites
35. Hacking Tools For Games
36. Pentest Tools
37. Top Pentest Tools
38. Hack Tools For Windows
39. Hak5 Tools
40. Hacker Tools Windows
41. Tools Used For Hacking
42. Pentest Tools For Windows
43. Hak5 Tools
44. Pentest Tools Framework
45. Computer Hacker
46. Pentest Tools Find Subdomains
47. Hack Rom Tools
48. Pentest Tools Website Vulnerability
49. Hacker Tools 2020
50. Hacking App
51. Hacking Tools 2019
52. Hacking Tools Pc
53. Hack Tools Github
54. Hack Tools
55. Computer Hacker
56. Usb Pentest Tools
57. Usb Pentest Tools
58. Hacking Tools Kit
59. Hacker Tools Free Download
60. Best Hacking Tools 2019
61. Underground Hacker Sites
62. Hacking Tools Free Download
63. Android Hack Tools Github
64. Blackhat Hacker Tools
65. Hack App
66. Hacker Tools Software
67. Hacking Tools 2019
68. Hacker Techniques Tools And Incident Handling
69. Hacker Tools Free
70. Kik Hack Tools
71. Hak5 Tools
72. Pentest Reporting Tools
73. Pentest Tools Alternative
74. Bluetooth Hacking Tools Kali
75. Github Hacking Tools
76. Hacking Tools Github
77. Hacker
78. Hacking Tools For Kali Linux
79. Hacking Tools Name
80. Best Pentesting Tools 2018
81. Pentest Tools For Windows
82. Kik Hack Tools
83. Nsa Hacker Tools
84. Game Hacking
85. Best Hacking Tools 2020
86. Pentest Tools Bluekeep
87. Tools 4 Hack
88. Hacker Tools Software
89. Pentest Tools Subdomain
90. Hak5 Tools
91. Hack Tools For Pc
92. Pentest Tools For Mac
93. Pentest Tools Tcp Port Scanner
94. Pentest Automation Tools
95. Hacker Security Tools
96. Hacking Tools For Windows Free Download
97. Hacking Tools Online
98. Hack Tools For Windows
99. Hacker Tools Free
100. Hacker Hardware Tools
101. Wifi Hacker Tools For Windows
102. Hack Tools Mac
103. Pentest Tools Url Fuzzer
104. Hacker Tools
105. Pentest Tools Website Vulnerability