Opened 6 years ago

Closed 6 years ago

#13020 closed defect (fixed)

Audit gstreamer usage for proxy safety

Reported by: mikeperry Owned by: mikeperry
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: ff31-esr, MikePerry201409, TorBrowserTeam201410
Cc: boklm, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In Firefox30, the Linux builds began using gstreamer by default for displaying HTML5 video. We need to make sure gstreamer is just used for codecs, and not any network activity.

Child Tickets

Change History (4)

comment:1 Changed 6 years ago by mikeperry

Cc: boklm added
Keywords: MikePerry201409 added
Owner: changed from tbb-team to mikeperry
Status: newassigned

I will look at this, but it could probably use another set of eyes and/or some mbox testing.

comment:2 Changed 6 years ago by gk

Cc: gk added

comment:3 Changed 6 years ago by mikeperry

Keywords: TorBrowserTeam201410 added; TorBrowserTeam201409 removed

comment:4 Changed 6 years ago by mikeperry

Resolution: fixed
Status: assignedclosed

Ok, I took a look at this, and it looks like all HTML5 media elements ultimately use ChannelMediaResource, which is owned by the MediaDecoder. nsIChannel is the underlying type of all of these channels, which is proxied. It does not look like gstreamer or any of the other codec support libraries are capable of doing their own streaming.

The only exception I can see is the RtspMediaResource, which should only be used on FirefoxOS.

Note: See TracTickets for help on using tickets.