Bug#769716: Info received (iceweasel: downloads Cisco's OpenH264 video codec)
Mike Hommey
mh at glandium.org
Sun Nov 30 00:38:24 UTC 2014
On Sat, Nov 29, 2014 at 04:39:33PM +0100, Christoph Anton Mitterer wrote:
> Honi soit qui mal y pense - CVE-2014-8001.
>
> So no we already have the case of an "accidental" vulnerability in the
> binary blob... who knows what's really behind that ;)
>
> (And yes, Cisco/Mozilla claim in the meantime that this doesn't affect
> the version spread in binary form - but again... has anyone trustworthy
> verified this?)
https://bugzilla.mozilla.org/show_bug.cgi?id=1105688#c3
You're free to replicate the verification.
Also note this code doesn't run unless you do webrtc calls in h264.
Mike
More information about the pkg-mozilla-maintainers
mailing list