See for a way to disable the plugin download. We might want to have something stronger in place. The download uses essentially Mozilla's "cert pinning". Mozilla and Cisco have established a process by which the binary is verified as having been built from the publicly available source, thereby enhancing the transparency and trustworthiness of the system. Although there seems to be kind of a mechanism for Mozilla to verify things: The binary blob is not built reproducibly which poses security risks. It is currently only used for WebRTC which we have disabled ( ) (we should make sure that this argument still holds for ESR 38 when we ship it if that matters) I think we should make sure that the plugin does not get downloaded as: And there is currently now known way to build this binary blob deterministically. The bad news is it needs to get downloaded from Cisco as a binary blob due to patent issues. Primetime Content Decryption Module provided by Adobe Systems, Incorporated Widevine Content Decryption Module provided by Google Inc. We should think about what we want to do with the OpenH264 video codec plugin which Firefox downloads since version 33 shortly after it gets started for the first time (see: and ). Namely: OpenH264 Video Codec provided by Cisco Systems, Inc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |