[Bug 1053985] Re: gecko-mediaplayer package should not bundle so many plugins for security reasons

Kevin DeKorte kdekorte at gmail.com
Tue Jun 18 05:12:39 UTC 2013 

gecko-mediaplayer is a single plugin with an emulation layer for the
various plugins. So the same plugin that does windows media also does
quicktime, and others. So splitting them doesn't really give you anymore
security.

Also, if the user is concerned about this, they can start gnome-mplayer
and choose edit -> Preferences [plugin] and then disable the plugins
they do not want emulated.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1053985

Title:
  gecko-mediaplayer package should not bundle so many plugins for
  security reasons

Status in “ubuntu-meta” package in Ubuntu:
  Confirmed

Bug description:
  Web browser plugins are a major vector for exploit on the internet.
  For security reasons, it is best not to install plugins you don't
  need. Yet Ubuntu-packages bundle numerous plugins together. For
  example, if I use one single plugin (e.g., Windows Media Player Plug-
  in), I have to install the gecko-mediaplayer package. Yet the gecko-
  mediaplayer package installs 4 additional plugins in addition to the
  Windows Media Player Plug-in. I NEVER use the 4 additional plugins
  that are installed. Further, among the 4 additional plugins installed
  are QuickTime and RealPlayer. Two plugins that are notoriously
  exploited on the web.

  
  The gecko-mediaplayer package should not bundle so many plugins together. A separate package should exist for each plugin. Or some other solution should be developed that allows users to only install the plugin they actually use.

  Security is a major problem these days and users should not have to
  install more plugins than they actually use, especially when the
  unused plugins are notorious for security vulnerabilities.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1053985/+subscriptions

More information about the foundations-bugs mailing list