Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

Related articles

1. Hacks And Tools
2. Pentest Tools Open Source
3. Nsa Hack Tools Download
4. Pentest Box Tools Download
5. Hacker Tools For Ios
6. Hack Tools For Windows
7. Hacker Tools 2019
8. Pentest Tools Github
9. Hacker Tools For Ios
10. Hack Tools For Mac
11. Hack Apps
12. Pentest Tools Alternative
13. Pentest Automation Tools
14. Pentest Tools Android
15. Nsa Hack Tools Download
16. Hacking Apps
17. Hacker Tools Linux
18. Hacker Tools Hardware
19. Pentest Tools Linux
20. Hack Tools For Ubuntu
21. Best Hacking Tools 2020
22. Blackhat Hacker Tools
23. Beginner Hacker Tools
24. Hacking Tools Kit
25. Ethical Hacker Tools
26. Hacking Tools For Pc
27. Hacking Tools For Kali Linux
28. Nsa Hacker Tools