Security Surprises On Firefox Quantum

This morning I've found an scaring surprise on my Firefox Quantum. Casually it was connected to a proxy when an unexpected connection came up, the browser  was connecting to an unknown remote site via HTTP and downloading a ZIP that contains an ELF shared library, without any type of signature on it.

This means two things

1) the owner of that site might spread malware infecting many many people.
2) the ISP also might do that.


Ubuntu Version:

Firefox Quantum version:

The URL: hxxp://ciscobinary.openh264.org/openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip

The zip contains these two files:
  3f201a8984d6d765bc81966842294611  libgmpopenh264.so
  44aef3cd6b755fa5f6968725b67fd3b8  gmpopenh264.info

The info file:
  Name: gmpopenh264
  Description: GMP Plugin for OpenH264.
  Version: 1.6.0
  APIs: encode-video[h264], decode-video[h264]

So there is a remote codec loading system that is unsigned and unencrypted, I think is good to be aware of it.

In this case the shared library is a video decoder, but it would be a vector to distribute malware o spyware massively, or an attack vector for a MITM attacker.

More info

1. Physical Pentest Tools
2. Pentest Tools Download
3. Hacker Tools Apk
4. Termux Hacking Tools 2019
5. Hacker Tools 2019
6. Top Pentest Tools
7. Free Pentest Tools For Windows
8. Black Hat Hacker Tools
9. Hacking Tools Mac
10. Pentest Tools Website
11. Kik Hack Tools
12. Pentest Automation Tools
13. Hacking Tools For Windows 7
14. Hacker
15. Hacking Apps
16. Pentest Tools For Android
17. Pentest Tools Port Scanner
18. Hack Tools For Games
19. Hacking App
20. Android Hack Tools Github
21. Hack Tools Mac
22. Install Pentest Tools Ubuntu
23. Hacking Tools Hardware
24. Pentest Tools Linux
25. Hack App
26. Hacker Search Tools
27. Pentest Tools Alternative
28. Hack Tools
29. Hack Apps
30. Physical Pentest Tools
31. Hacker Tools Free
32. What Are Hacking Tools
33. Pentest Tools Android
34. Hackrf Tools
35. Hacker Tools Github
36. Hacker Tools For Mac
37. Hack Tools 2019
38. Blackhat Hacker Tools
39. Top Pentest Tools
40. Hacker Tools Mac
41. How To Make Hacking Tools
42. Hacking Tools Download
43. Hack Tool Apk
44. Github Hacking Tools
45. Beginner Hacker Tools
46. Hack Website Online Tool
47. Hacker Tools Software
48. Hacker Tools Software
49. Hacking Tools Usb
50. Beginner Hacker Tools
51. Hacking Tools For Kali Linux
52. Pentest Tools Url Fuzzer
53. Hacker Tools For Mac
54. Install Pentest Tools Ubuntu
55. Hacker Tools Linux
56. Pentest Tools List
57. Hacker Tools Hardware
58. Pentest Tools Alternative
59. Pentest Tools Apk
60. Hack Apps
61. Hacking Tools Name
62. Hacker Tools Free Download
63. Best Hacking Tools 2020
64. Hack And Tools
65. Hacking Tools For Pc
66. Hacker Tools Apk Download
67. Hacker Tools For Ios
68. Beginner Hacker Tools
69. Hack Tools 2019
70. Hack Tools 2019
71. Best Hacking Tools 2020
72. Hacker Tools Github
73. Hacker
74. Tools 4 Hack
75. Pentest Tools For Windows
76. Usb Pentest Tools
77. Tools 4 Hack
78. Pentest Box Tools Download
79. Hack Rom Tools
80. Hacking Tools
81. Pentest Tools
82. Hack Tools Download
83. Hacker Techniques Tools And Incident Handling
84. Hacker Tools List
85. Hacking Tools And Software
86. Hacking App
87. Hack Tools
88. Hacking Tools For Windows Free Download
89. Hacker Tools For Mac
90. Pentest Tools Url Fuzzer
91. Pentest Tools Free
92. Hack Tools For Windows
93. Bluetooth Hacking Tools Kali
94. Pentest Tools Review
95. Tools For Hacker
96. New Hack Tools
97. Hack Tool Apk
98. Hackrf Tools
99. Hacking Tools Windows 10
100. Hacking Tools Mac
101. Hack And Tools
102. Pentest Tools For Android
103. Pentest Recon Tools
104. Hacker Search Tools
105. Hacking Tools Kit
106. Hacker Tools Linux
107. Pentest Tools List
108. What Is Hacking Tools
109. Hack Tools Mac
110. Hack Tools For Ubuntu
111. Termux Hacking Tools 2019
112. Pentest Tools Kali Linux
113. Hacker Tools Mac
114. Wifi Hacker Tools For Windows
115. Github Hacking Tools
116. Ethical Hacker Tools