add 'media.source.enabled' only where JS is enabled in security settings
media source extensions (MSE)is a "specification allows JavaScript to dynamically construct media streams for and "
the advances of MSE are:
Allow JavaScript to construct media streams independent of how the media is fetched.
Define a splicing and buffering model that facilitates use cases like adaptive streaming, ad-insertion, time-shifting, and video editing.
Minimize the need for media parsing in JavaScript.
Leverage the browser cache as much as possible.
Provide requirements for byte stream format specifications.
Not require support for any particular media format or codec.
but as user ma1 say in #19200 (moved)#comment:38
As a side effect the data flow appears less transparent, but what we should focus on is that the JavaScript on a certain webpage has now the power to fuzz (and possibly exploit) any available HTML 5 media codec without even touching the network.
put from true to false in 'media.source.enabled' when using high in security settings, probably will be a good for hypothetical security
Trac:
Username: i139