Closed Bug 1105990 Opened 7 years ago Closed 7 years ago

downloads OpenH264 binary blob in "safe mode"

Categories: Firefox :: General, defect (33 Branch, x86, Linux, defect, Not set, normal)
Tracking: RESOLVED WONTFIX
People: Reporter: rz, Unassigned
References: Blocks 1 open bug
Safe mode is expected to disable all plugins and extensions.

H264 binary is downloaded ignoring safe mode. This might severely impact security and stability. 

Reproduce:
- create new profile "Test-gmp"

$ firefox  -safe-mode -P Test-gmp

(process:1539): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed
Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 14: reading configurations from ~/.fonts.conf is deprecated.
1417167271211   GMPInstallManager.simpleCheckAndInstall INFO    Last check was: 1417167271 seconds ago, minimum seconds: 86400
1417167271212   GMPInstallManager._getURL       INFO    Using url: https://aus4.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
1417167271213   GMPInstallManager._getURL       INFO    Using url (with replacement): https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml
1417167271215   GMPInstallManager.checkForAddons        INFO    sending request to: https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml
1417167288189   GMPInstallManager.onLoadXML     INFO    request completed downloading document
1417167288191   GMPInstallManager.onLoadXML     INFO    allowNonBuiltIn: false
1417167288204   GMPInstallManager.simpleCheckAndInstall INFO    Found 1 addons advertised.
1417167288204   GMPInstallManager.simpleCheckAndInstall INFO    Found addon: gmp-gmpopenh264 (isValid: true, isInstalled: false, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918)
1417167288326   GMPInstallManager.simpleCheckAndInstall INFO    Addon installed successfully: gmp-gmpopenh264 (isValid: true, isInstalled: true, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918)
Blocks: OpenH264
Severity: major → normal
Component: Security → General
I don't think Safe Mode should disable anything regarding OpenH264.

The primary purpose of Safe Mode is to help with troubleshooting stability/performance problems caused by poor-quality 3rd party code, of which addons and NPAPI plugins have a long and notorious history. OpenH264 has a limited purpose, runs in an out-of-process sandbox, and I'm not aware of any problems with it that are practically relevant to Safe Mode.

Additionally, my understanding is that the only reason it's not simply compiled into Firefox at build time is that there are patent issues around H264. So the fact that it's a downloaded component is really just an implementation detail so far as Safe Mode is concerned -- and Safe Mode doesn't disable any of the other libraries Firefox uses.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
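
To audit which GMP binaries a profile fetched, the GMPInstallManager lines shown in the report can be parsed and each install compared with the advertisement that preceded it. This is an added example, not part of the original bug report or Mozilla's code; the sample log is constructed, its hash values are short placeholders, and `gmp-example` is a hypothetical addon id.

```python
import re

# Constructed sample in the format of the GMPInstallManager lines in the report.
# Hash values are short placeholders and "gmp-example" is a hypothetical id.
SAMPLE_LOG = """\
Fontconfig warning: unrelated line
1417167288204 GMPInstallManager.simpleCheckAndInstall INFO Found 1 addons advertised.
1417167288204 GMPInstallManager.simpleCheckAndInstall INFO Found addon: gmp-gmpopenh264 (isValid: true, isInstalled: false, isOpenH264: true, hashFunction: sha512, hashValue: aa11, size: 380918)
1417167288326 GMPInstallManager.simpleCheckAndInstall INFO Addon installed successfully: gmp-gmpopenh264 (isValid: true, isInstalled: true, isOpenH264: true, hashFunction: sha512, hashValue: aa11, size: 380918)
1417167289000 GMPInstallManager.simpleCheckAndInstall INFO Found addon: gmp-example (isValid: true, isInstalled: false, isOpenH264: false, hashFunction: sha512, hashValue: bb22, size: 1000)
1417167289100 GMPInstallManager.simpleCheckAndInstall INFO Addon installed successfully: gmp-example (isValid: true, isInstalled: true, isOpenH264: false, hashFunction: sha512, hashValue: cc33, size: 1000)
"""

# <13-digit ms timestamp> GMPInstallManager.<function> <LEVEL> <message>
LINE_RE = re.compile(r"^(\d{13})\s+GMPInstallManager\.\w+\s+[A-Z]+\s+(.*)$")
ADDON_RE = re.compile(r"^(Found addon|Addon installed successfully): ([\w-]+) \((.*)\)$")


def parse_addon_events(log_text):
    """Return one dict per 'Found addon' / 'Addon installed successfully' line."""
    events = []
    for line in log_text.splitlines():
        line_match = LINE_RE.match(line.strip())
        addon_match = ADDON_RE.match(line_match.group(2)) if line_match else None
        if not addon_match:
            continue  # not a GMPInstallManager addon record
        fields = dict(kv.split(": ", 1) for kv in addon_match.group(3).split(", "))
        events.append({"ts": int(line_match.group(1)), "event": addon_match.group(1),
                       "id": addon_match.group(2), **fields})
    return events


def audit_installs(events):
    """Flag installs whose hash or size does not match the prior advertisement."""
    advertised, findings = {}, []
    for ev in events:
        if ev["event"] == "Found addon":
            advertised[ev["id"]] = ev
            continue
        adv = advertised.get(ev["id"])
        if adv is None:
            findings.append((ev["id"], "installed without a prior advertisement"))
        elif any(adv[k] != ev[k] for k in ("hashFunction", "hashValue", "size")):
            findings.append((ev["id"], "hash or size differs from advertisement"))
    return findings


if __name__ == "__main__":
    for finding in audit_installs(parse_addon_events(SAMPLE_LOG)):
        print(finding)
```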