[Bug 1053985] [NEW] gecko-mediaplayer package should not bundle so many plugins for security reasons
Nick Rundy
1053985 at bugs.launchpad.net
Fri Sep 21 11:41:09 UTC 2012
Public bug reported:
Web browser plugins are a major vector for exploit on the internet. For
security reasons, it is best not to install plugins you don't need. Yet
Ubuntu-packages bundle numerous plugins together. For example, if I use
one single plugin (e.g., Windows Media Player Plug-in), I have to
install the gecko-mediaplayer package. Yet the gecko-mediaplayer package
installs 4 additional plugins in addition to the Windows Media Player
Plug-in. I NEVER use the 4 additional plugins that are installed.
Further, among the 4 additional plugins installed are QuickTime and
RealPlayer. Two plugins that are notoriously exploited on the web.
The gecko-mediaplayer package should not bundle so many plugins together. A separate package should exist for each plugin. Or some other solution should be developed that allows users to only install the plugin they actually use.
Security is a major problem these days and users should not have to
install more plugins than they actually use, especially when the unused
plugins are notorious for security vulnerabilities.
** Affects: ubuntu-meta (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1053985
Title:
gecko-mediaplayer package should not bundle so many plugins for
security reasons
Status in “ubuntu-meta” package in Ubuntu:
New
Bug description:
Web browser plugins are a major vector for exploit on the internet.
For security reasons, it is best not to install plugins you don't
need. Yet Ubuntu-packages bundle numerous plugins together. For
example, if I use one single plugin (e.g., Windows Media Player Plug-
in), I have to install the gecko-mediaplayer package. Yet the gecko-
mediaplayer package installs 4 additional plugins in addition to the
Windows Media Player Plug-in. I NEVER use the 4 additional plugins
that are installed. Further, among the 4 additional plugins installed
are QuickTime and RealPlayer. Two plugins that are notoriously
exploited on the web.
The gecko-mediaplayer package should not bundle so many plugins together. A separate package should exist for each plugin. Or some other solution should be developed that allows users to only install the plugin they actually use.
Security is a major problem these days and users should not have to
install more plugins than they actually use, especially when the
unused plugins are notorious for security vulnerabilities.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1053985/+subscriptions
More information about the foundations-bugs
mailing list