Bug#837091: firefox-esr: EME DRM extention present and enabled
Tjeerd Pinkert
t.j.pinkert at alumnus.utwente.nl
Thu Sep 8 18:14:28 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: firefox-esr
Version: 45.3.0esr-1~deb8u1
Severity: serious
Tags: security upstream
Justification: Policy 2.2.1 must comply with the DFSG
Dear Maintainer,
after reading up a bit (late(ly)) on the W3C EME proposed standard for
embedding of DRM managed content in web pages, I decided to have a
look if it is present in the firefox browser. about:config shows the
following:
media.eme.apiVisible;true
media.eme.enabled;true
I think the presence of code that requires closed source components to
function, might violate the DFSG for the main section? On the other
hand, no package relation is available in the non-free section as far
as I see that is actively depended on. If a decision has been taken on
this already, then please close.
I have not found this in the system for the firefox-esr package, I did
find bug 748342 (iceweasel), and the upstream bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1011459
and a discussion at:
http://forums.debian.net/viewtopic.php?f=20&t=114687
First of all I disabled the function by setting the above values to:
false.
It would be better to have support for EME removed altogether to be free
of any possible legal issues arising from DRM enabled software.
Yours,
Tjeerd Pinkert
P.S. yes I know, having flash installed as a plugin is as bad as
having EME enabled... Trying to block as much as possible though...
- -- Package-specific info:
- -- Extensions information
Name: Adblock Plus
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d1
0d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled
Name: Cookie Monster
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{45
d8ff86-d909-11db-9705-005056c00008}
Package: xul-ext-cookie-monster
Status: enabled
Name: Default theme
Location:
/usr/lib/firefox-esr/browser/extensions/{972ce4c6-7e08-4474-a285-3208198
ce6fd}.xpi
Package: firefox-esr
Status: enabled
Name: DOM Inspector
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/ins
pector at mozilla.org
Package: xul-ext-dom-inspector
Status: enabled
Name: Element Hiding Helper for Adblock Plus
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/ele
mhidehelper at adblockplus.org
Package: xul-ext-adblock-plus-element-hiding-helper
Status: enabled
Name: English (GB) Language Pack locale
Location:
/usr/lib/firefox-esr/browser/extensions/langpack-en-GB at firefox-esr.mozil
la.org.xpi
Package: firefox-esr-l10n-en-gb
Status: enabled
Name: Firefox Hello Beta
Location: ${PROFILE_EXTENSIONS}/loop at mozilla.org.xpi
Status: enabled
Name: Flashblock
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{3d
7eb24f-2740-49df-8937-200b1cc08f8a}
Package: xul-ext-flashblock
Status: enabled
Name: FlashGot
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{19
503e42-ca3c-4c27-b1e2-9cdb2170ee34}
Package: xul-ext-flashgot
Status: enabled
Name: Lightbeam
Location: ${PROFILE_EXTENSIONS}/jid1-F9UJ2thwoAm5gQ at jetpack.xpi
Status: enabled
Name: Nederlands (NL) Language Pack locale
Location:
/usr/lib/firefox-esr/browser/extensions/langpack-nl at firefox-esr.mozilla.
org.xpi
Package: firefox-esr-l10n-nl
Status: enabled
Name: NoScript
Location: ${PROFILE_EXTENSIONS}/{73a6fe31-595d-460b-a920-fcc0f8843232}.x
pi
Status: enabled
- -- Plugins information
Name: Gnome Shell Integration
Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so
Package: gnome-shell
Status: disabled
Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: disabled
Name: Shockwave Flash (11.2.202.632)
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled
- -- Addons package information
ii firefox-esr 45.3.0esr-1~ amd64 Mozilla Firefox web
browser - Ext
ii firefox-esr-l1 45.3.0esr-1~ all English (United Kingdom)
language
ii firefox-esr-l1 45.3.0esr-1~ all Dutch language package
for Firefo
ii gnome-shell 3.14.4-1~deb amd64 graphical shell for the
GNOME des
ii rhythmbox-plug 3.1-1 amd64 plugins for rhythmbox
music playe
ii xul-ext-adbloc 2.6.6+dfsg-1 all advertisement blocking
extension
ii xul-ext-adbloc 1.3-1 all companion for Adblock
Plus to cre
ii xul-ext-cookie 1.2.0-1 all manage cookies in a
whitelist-bas
ii xul-ext-dom-in 1:2.0.14-1 all tool for inspecting the
DOM of we
ii xul-ext-flashb 1.5.18-1 all Mozilla extension to
block Adobe
ii xul-ext-flashg 1.5.6.7+dfsg all Extension to handle
downloads wit
- -- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages firefox-esr depends on:
ii debianutils 4.4+b1
ii fontconfig 2.11.0-6.3+deb8u1
ii libasound2 1.0.28-1
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-18+deb8u4
ii libcairo2 1.14.0-2.1+deb8u1
ii libdbus-1-3 1.8.20-0+deb8u1
ii libdbus-glib-1-2 0.102-1
ii libevent-2.0-5 2.0.21-stable-2
ii libffi6 3.1-2+b2
ii libfontconfig1 2.11.0-6.3+deb8u1
ii libfreetype6 2.5.2-3+deb8u1
ii libgcc1 1:4.9.2-10
ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u5
ii libglib2.0-0 2.42.1-1+b1
ii libgtk2.0-0 2.24.25-3+deb8u1
ii libhunspell-1.3-0 1.3.3-3
ii libpango-1.0-0 1.36.8-3
ii libsqlite3-0 3.8.7.1-1+deb8u1
ii libstartup-notification0 0.12-4
ii libstdc++6 4.9.2-10
ii libx11-6 2:1.6.2-3
ii libxcomposite1 1:0.4.4-1
ii libxdamage1 1:1.1.4-2+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.1-2+b2
ii libxrender1 1:0.9.8-1+b1
ii libxt6 1:1.1.4-1+b1
ii procps 2:3.3.9-9
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages firefox-esr recommends:
ii gstreamer1.0-libav 1.4.4-2
ii gstreamer1.0-plugins-good 1.4.4-2
Versions of packages firefox-esr suggests:
ii fonts-lmodern 2.004.4-5
ii fonts-stix [otf-stix] 1.1.1-1
ii libcanberra0 0.30-2.1
ii libgnomeui-0 2.24.5-3
ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2
pn mozplugger <none>
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlfRqoQACgkQ9xQaBfeouaqmDQCbBlfBXfkgzOdLOB5kL4nyIZta
Q2kAn1CLUArTQD54c5KdvmKc0SDTDhZa
=TCWT
-----END PGP SIGNATURE-----
More information about the pkg-mozilla-maintainers
mailing list