Open Bug 1196703 Opened 9 years ago Updated 2 years ago

Cisco H.264 plugin should be protected by stronger signature

Tracking

()

Status:

NEW

People

(Reporter: rz, Unassigned)

References

(Blocks 1 open bug)

Details

Richard Z.

Reporter

Description

•

9 years ago

Currently the binary plugin is downloaded over plain http and a checked against a hash value downloaded from https://aus4.mozilla.org/ ( https://bugzilla.mozilla.org/show_bug.cgi?id=1102531 ) The plugin should be properly signed to make MITM attacks harder, the current scheme may fail badly anytime some more TLS bugs surface.

Richard Z.

Reporter

Updated

•

9 years ago

Blocks: WebRTC-OpenH264

Graham Perrin

Comment 1

•

4 years ago

… https://aus4.mozilla.org/ …

No longer found; is this bug 1196703 still an issue?

Masatoshi Kimura [:emk]

Comment 2

•

4 years ago

The current update host is aus5.mozilla.org.

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Cisco H.264 plugin should be protected by stronger signature

Categories

(Core :: Security, defect)

Tracking

()

People

(Reporter: rz, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2

Updated