Open Bug 1196703 Opened 6 years ago Updated 8 months ago

Cisco H.264 plugin should be protected by stronger signature

Categories

(Core :: Security, defect)

defect
Not set
normal

Tracking

()

People

(Reporter: rz, Unassigned)

References

(Blocks 1 open bug)

Details

Currently the binary plugin is downloaded over plain http and a checked against a hash value downloaded from https://aus4.mozilla.org/

( https://bugzilla.mozilla.org/show_bug.cgi?id=1102531 )

The plugin should be properly signed to make MITM attacks harder, the current scheme may fail badly anytime some more TLS bugs surface.
Blocks: OpenH264

https://aus4.mozilla.org/

No longer found; is this bug 1196703 still an issue?

The current update host is aus5.mozilla.org.

You need to log in before you can comment on or make changes to this bug.