Bug#837091: firefox-esr: EME DRM extension present and enabled

Tjeerd Pinkert t.j.pinkert at alumnus.utwente.nl
Thu Sep 8 18:14:28 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: firefox-esr
Version: 45.3.0esr-1~deb8u1
Severity: serious
Tags: security upstream
Justification: Policy 2.2.1 must comply with the DFSG

Dear Maintainer,

after reading up a bit (late(ly)) on the W3C EME proposed standard for
embedding of DRM managed content in web pages, I decided to have a
look if it is present in the firefox browser. about:config shows the
following:

media.eme.apiVisible;true
media.eme.enabled;true

I think the presence of code that requires closed source components to
function might violate the DFSG for the main section? On the other
hand, no package relation is available in the non-free section as far
as I see that is actively depended on. If a decision has been taken on
this already, then please close.

I have not found this in the system for the firefox-esr package, I did
find bug 748342 (iceweasel), and the upstream bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1011459
and a discussion at:
http://forums.debian.net/viewtopic.php?f=20&t=114687

First of all I disabled the function by setting the above values to:
false.

It would be better to have support for EME removed altogether to be free
of any possible legal issues arising from DRM-enabled software.

Yours,


Tjeerd Pinkert


P.S. yes I know, having flash installed as a plugin is as bad as
having EME enabled... Trying to block as much as possible though...


- -- Package-specific info:

- -- Extensions information
Name: Adblock Plus
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled

Name: Cookie Monster
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{45d8ff86-d909-11db-9705-005056c00008}
Package: xul-ext-cookie-monster
Status: enabled

Name: Default theme
Location: /usr/lib/firefox-esr/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Package: firefox-esr
Status: enabled

Name: DOM Inspector
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/inspector@mozilla.org
Package: xul-ext-dom-inspector
Status: enabled

Name: Element Hiding Helper for Adblock Plus
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/elemhidehelper@adblockplus.org
Package: xul-ext-adblock-plus-element-hiding-helper
Status: enabled

Name: English (GB) Language Pack locale
Location: /usr/lib/firefox-esr/browser/extensions/langpack-en-GB@firefox-esr.mozilla.org.xpi
Package: firefox-esr-l10n-en-gb
Status: enabled

Name: Firefox Hello Beta
Location: ${PROFILE_EXTENSIONS}/loop@mozilla.org.xpi
Status: enabled

Name: Flashblock
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Package: xul-ext-flashblock
Status: enabled

Name: FlashGot
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
Package: xul-ext-flashgot
Status: enabled

Name: Lightbeam
Location: ${PROFILE_EXTENSIONS}/jid1-F9UJ2thwoAm5gQ@jetpack.xpi
Status: enabled

Name: Nederlands (NL) Language Pack locale
Location: /usr/lib/firefox-esr/browser/extensions/langpack-nl@firefox-esr.mozilla.org.xpi
Package: firefox-esr-l10n-nl
Status: enabled

Name: NoScript
Location: ${PROFILE_EXTENSIONS}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
Status: enabled

- -- Plugins information
Name: Gnome Shell Integration
Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so
Package: gnome-shell
Status: disabled

Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: disabled

Name: Shockwave Flash (11.2.202.632)
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled


- -- Addons package information
ii  firefox-esr    45.3.0esr-1~ amd64        Mozilla Firefox web browser - Ext
ii  firefox-esr-l1 45.3.0esr-1~ all          English (United Kingdom) language
ii  firefox-esr-l1 45.3.0esr-1~ all          Dutch language package for Firefo
ii  gnome-shell    3.14.4-1~deb amd64        graphical shell for the GNOME des
ii  rhythmbox-plug 3.1-1        amd64        plugins for rhythmbox music playe
ii  xul-ext-adbloc 2.6.6+dfsg-1 all          advertisement blocking extension
ii  xul-ext-adbloc 1.3-1        all          companion for Adblock Plus to cre
ii  xul-ext-cookie 1.2.0-1      all          manage cookies in a whitelist-bas
ii  xul-ext-dom-in 1:2.0.14-1   all          tool for inspecting the DOM of we
ii  xul-ext-flashb 1.5.18-1     all          Mozilla extension to block Adobe
ii  xul-ext-flashg 1.5.6.7+dfsg all          Extension to handle downloads wit

- -- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox-esr depends on:
ii  debianutils               4.4+b1
ii  fontconfig                2.11.0-6.3+deb8u1
ii  libasound2                1.0.28-1
ii  libatk1.0-0               2.14.0-1
ii  libc6                     2.19-18+deb8u4
ii  libcairo2                 1.14.0-2.1+deb8u1
ii  libdbus-1-3               1.8.20-0+deb8u1
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-2
ii  libffi6                   3.1-2+b2
ii  libfontconfig1            2.11.0-6.3+deb8u1
ii  libfreetype6              2.5.2-3+deb8u1
ii  libgcc1                   1:4.9.2-10
ii  libgdk-pixbuf2.0-0        2.31.1-2+deb8u5
ii  libglib2.0-0              2.42.1-1+b1
ii  libgtk2.0-0               2.24.25-3+deb8u1
ii  libhunspell-1.3-0         1.3.3-3
ii  libpango-1.0-0            1.36.8-3
ii  libsqlite3-0              3.8.7.1-1+deb8u1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                4.9.2-10
ii  libx11-6                  2:1.6.2-3
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.1-2+b2
ii  libxrender1               1:0.9.8-1+b1
ii  libxt6                    1:1.1.4-1+b1
ii  procps                    2:3.3.9-9
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages firefox-esr recommends:
ii  gstreamer1.0-libav         1.4.4-2
ii  gstreamer1.0-plugins-good  1.4.4-2

Versions of packages firefox-esr suggests:
ii  fonts-lmodern          2.004.4-5
ii  fonts-stix [otf-stix]  1.1.1-1
ii  libcanberra0           0.30-2.1
ii  libgnomeui-0           2.24.5-3
ii  libgssapi-krb5-2       1.12.1+dfsg-19+deb8u2
pn  mozplugger             <none>

- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlfRqoQACgkQ9xQaBfeouaqmDQCbBlfBXfkgzOdLOB5kL4nyIZta
Q2kAn1CLUArTQD54c5KdvmKc0SDTDhZa
=TCWT
-----END PGP SIGNATURE-----
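
The report disables EME per profile by setting `media.eme.apiVisible` and `media.eme.enabled` to false in about:config. The following is an added example, not part of the original message or of the firefox-esr package: a small auditor that reads a profile's `prefs.js` and `user.js` and lists which of the two prefs are still not false. It assumes the defaults the report observed (both true) when a profile does not mention a pref; the function names and the sample input are constructed for illustration.

```python
import re
from pathlib import Path

# The two prefs named in the report, with the values it observed on
# firefox-esr 45.3.0esr (assumed as defaults when a profile is silent).
EME_DEFAULTS = {"media.eme.apiVisible": True, "media.eme.enabled": True}

# prefs.js / user.js hold one user_pref("name", value); statement per line.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; comments are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def effective_eme(prefs_js="", user_js=""):
    """Merge defaults < prefs.js < user.js (user.js is re-applied at startup)."""
    state = dict(EME_DEFAULTS)
    for text in (prefs_js, user_js):
        found = parse_prefs(text)
        state.update({k: found[k] for k in EME_DEFAULTS if k in found})
    return state


def audit_profile(profile_dir):
    """Return the EME prefs in a profile directory that are not set to false."""
    texts = []
    for name in ("prefs.js", "user.js"):
        path = Path(profile_dir) / name
        texts.append(path.read_text(encoding="utf-8") if path.is_file() else "")
    return sorted(k for k, v in effective_eme(*texts).items() if v is not False)


# Constructed sample: only one of the two prefs was changed in about:config.
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("media.eme.enabled", false);
'''
```

Call `audit_profile()` with the path to a profile directory; an empty list means both prefs are false in that profile.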


