Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

Related news

1. Bluetooth Hacking Tools Kali
2. Hacker Tools List
3. Nsa Hack Tools
4. Hack Tool Apk No Root
5. Hacker Tools Github
6. Hack Tool Apk No Root
7. Pentest Tools Find Subdomains
8. Pentest Tools List
9. Hacking Tools 2020
10. Pentest Tools Windows
11. Hack Tools For Ubuntu
12. Hackers Toolbox
13. Pentest Tools Kali Linux
14. Ethical Hacker Tools
15. Hacking Tools 2020
16. Hacking Tools Github
17. Hacker Tools Free
18. Pentest Tools Github
19. Pentest Tools Subdomain
20. Hacking Tools Name
21. Hacking Tools And Software
22. Hacking Tools Kit
23. Bluetooth Hacking Tools Kali
24. Pentest Tools Tcp Port Scanner
25. Pentest Tools For Android
26. Computer Hacker
27. Hack Tools For Games
28. New Hack Tools
29. Pentest Tools Windows
30. Hacking Tools Mac
31. How To Make Hacking Tools
32. Bluetooth Hacking Tools Kali
33. Game Hacking
34. Best Pentesting Tools 2018
35. Growth Hacker Tools
36. Hack Tools For Ubuntu
37. Pentest Tools Website Vulnerability
38. Android Hack Tools Github
39. Hacking Tools For Pc
40. Pentest Tools For Ubuntu
41. Hacker Tools For Windows
42. Hacking Tools Download
43. Hacking Tools For Windows 7
44. Hack Rom Tools
45. Github Hacking Tools
46. Hacker Tools Linux
47. Hacking Tools For Pc
48. Hacking Tools Kit
49. Pentest Reporting Tools
50. Pentest Automation Tools
51. Hacking Tools For Beginners
52. Pentest Tools Alternative
53. Pentest Tools For Ubuntu
54. Hacker Tools For Ios
55. How To Install Pentest Tools In Ubuntu
56. Hack Tools Github
57. Hacking Tools Download
58. Pentest Tools Nmap
59. Hacking Tools Hardware
60. Easy Hack Tools
61. Wifi Hacker Tools For Windows
62. Kik Hack Tools
63. Hacker Hardware Tools
64. Hacking Tools Hardware
65. Pentest Tools Linux
66. Pentest Recon Tools
67. Hacking Tools Windows 10
68. Pentest Tools Kali Linux
69. Top Pentest Tools
70. Best Hacking Tools 2020
71. Hacking Tools And Software
72. World No 1 Hacker Software
73. Hackers Toolbox
74. Hacker Tools Apk
75. Hacking Tools Free Download
76. World No 1 Hacker Software
77. Hacking Tools For Windows 7
78. Hacker Techniques Tools And Incident Handling
79. Hacking Tools For Windows 7
80. Pentest Tools Linux
81. Best Hacking Tools 2020
82. Hacker Tools 2019
83. Hacking Tools For Windows
84. Usb Pentest Tools
85. Hacker Techniques Tools And Incident Handling
86. Hacker Tool Kit
87. Hacker Tools Online
88. Install Pentest Tools Ubuntu
89. Hack Tools Github
90. Hacking Tools Windows 10
91. Pentest Tools Github
92. Pentest Tools Nmap
93. Hacking Tools For Mac
94. Hacking Tools Kit
95. Hacking Tools For Windows Free Download
96. Hack Tools Online
97. Pentest Tools For Ubuntu
98. Hack Tools For Pc
99. What Is Hacking Tools
100. Hacking Tools Mac
101. Hacker Tools List
102. Hacker Tools Windows