The Latest in IT Security

Fear of the HTML5

21 Jun 2011

Right at the beginning of this article, I must admit that I’m definitely not a specialist in the newest trends in web development. Consider the following contemplation only as the thinking of an amateur. Today I noticed an article about the first MP3 codec written in JavaScript (http://jsmad.org/play/160426), intended to support this media format in all browsers (even when they have no native support/codec for such media). That sounds great for such an inexact specification as the <audio> and <video> tags, which can encapsulate various media formats. The particular media format does not matter (MP3, OGG, FLAC etc.); the only thing you need is to provide a codec.

And here begins the chain of my concerns. Remember, I’m not a specialist on this topic, thus… everything written here might be complete nonsense. But I can imagine a scenario:

  1. prepare a specially crafted “media” file, generally an encrypted file with a shellcode/payload
  2. encapsulate its reference in an <audio> tag
  3. have a JavaScript close at hand; it will carry out the decryption of the “media” file content and the exploitation, subsequently followed by the malcode execution. The goal is that the JavaScript will be called as a regular codec for the specified media file

Does it sound impossible to you? Use the comments section below to share your opinions. I’m quite afraid of such a huge door being open for new ways of exploitation/infection.
