Bug#769716: iceweasel: downloads Cisco's OpenH264 video codec
Christoph Anton Mitterer
calestyo at scientia.net
Thu Nov 27 14:54:24 UTC 2014
tags 769716 + security
tags 769716 grave
stop
Wow... I've just stumbled over this by accident and this is really
extremely outrageous.
Adding security tag and raising severity to grave, since no one know
what's actually contained in that binary blob, one must basically assume
it's an security breach that tries to install a root-kit.
And access to a normal user is usually equal to access to root on
desktop systems - therefore the severity should actually be critical.
It's really highly disturbing that something like this could slip into
Debian, potentially compromising countless of systems.
And it once more proves the points I've brought up several times on
debian-devel, that we have some severe problems about downloader
packages and software that circumvents the package management system.
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20141127/f795db70/attachment.bin>
More information about the pkg-mozilla-maintainers
mailing list