We're considering shipping fluendo's licensed mp3 decoder with firefox. I'd like to have a security review so we know safe the codebase would be for our users. Source is available from https://core.fluendo.com/gstreamer/svn/trunk/gst-fluendo-mp3/
this will need to be fuzzed
Assignee: nobody → cdiehl
Whiteboard: [pending secreview] → [secr:cdiehl][fuzzing needed]
fuzzing is good!
Status: NEW → ASSIGNED
Stopping here since I haven't found more. Will continue when Fluendo is getting implemented into the tree to test the codec inside the Browser instead of gstreamer.
Whiteboard: [secr:cdiehl][fuzzing needed] → [fuzzing][start mm/dd/yyyy][target mm/dd/yyyy]
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings Priority: N/A Operational: 0 - N/A User: 1 - Minor Privacy: 0 - N/A Engineering: 1 - Minor Reputational: 2 - Normal Priority Score: 0
Whiteboard: [fuzzing][start mm/dd/yyyy][target mm/dd/yyyy] → [fuzzing][start mm/dd/yyyy][target mm/dd/yyyy][score:0::Low]
Marking this as resolved since it is an ongoing task in our fuzzing queue.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Summary: review fluendo mp3 decoder source → SecReview: Fluendo MP3 decoder
Whiteboard: [fuzzing][start mm/dd/yyyy][target mm/dd/yyyy][score:0::Low] → [completed secreview][score:0::Low]
You need to log in before you can comment on or make changes to this bug.