Closed Bug 1105990 Opened 7 years ago Closed 7 years ago
H264 binary blob in "safe mode"
Safe mode is expected to disable all plugins and extensions. H264 binary is downloaded ignoring safe mode. This might severely impact security and stability. Reproduce: - create new profile "Test-gmp" $ firefox -safe-mode -P Test-gmp (process:1539): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 14: reading configurations from ~/.fonts.conf is deprecated. 1417167271211 GMPInstallManager.simpleCheckAndInstall INFO Last check was: 1417167271 seconds ago, minimum seconds: 86400 1417167271212 GMPInstallManager._getURL INFO Using url: https://aus4.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml 1417167271213 GMPInstallManager._getURL INFO Using url (with replacement): https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1417167271215 GMPInstallManager.checkForAddons INFO sending request to: https://aus4.mozilla.org/update/3/GMP/33.1/20141113112934/Linux_x86-gcc3/en-US/default/Linux%203.14.23-100.fc19.i686.PAE%20(GTK%202.24.22)/default/default/update.xml 1417167288189 GMPInstallManager.onLoadXML INFO request completed downlo ading document 1417167288191 GMPInstallManager.onLoadXML INFO allowNonBuiltIn: false 1417167288204 GMPInstallManager.simpleCheckAndInstall INFO Found 1 addons advertised. 1417167288204 GMPInstallManager.simpleCheckAndInstall INFO Found addon: gmp-gmpopenh264 (isValid: true, isInstalled: false, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918) 1417167288326 GMPInstallManager.simpleCheckAndInstall INFO Addon installed successfully: gmp-gmpopenh264 (isValid: true, isInstalled: true, isOpenH264: true, hashFunction: sha512, hashValue: ef401c8c80f98e2df8942e601ccefb41ba701753ac3b28ca8bfa1830780c27a5a17f488ba689427500555753e332a0849aac82e93ef9178c85b06f6f2d44438f, size: 380918)
Severity: major → normal
Component: Security → General
I don't think Safe Mode should disable anything regarding OpenH264. The primary purpose of Safe Mode is to help with troubleshooting stability/performance problems caused by poor-quality 3rd party code, of which addons and NPAPI plugins have a long and notorious history. OpenH264 has a limited purpose, runs in an out-of-process sandbox, and I'm not aware of any problems with that are practically relevant to Safe Mode. Additionally, my understanding is that the only reason it's not simply compiled into Firefox at build time is that there are patent issues around H264. So the fact that it's a downloaded component is really just an implementation detail so far as Safe Mode is concerned -- and Safe Mode doesn't disable any of the other libraries Firefox uses.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.