[Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
Christian Boltz
1777070 at bugs.launchpad.net
Sun Nov 15 13:58:27 UTC 2020
> The second rule allows firefox to load and run code from that location.
> But doesn't allow firefox to write to it. So if there is malware [...]
That's correct for the added rule, but the profile also has
owner @{HOME}/.{firefox,mozilla}/** rw,
which means firefox _can_ write to that location.
However, this doesn't make the new rule for @{HOME}/.mozilla/firefox
/*/gmp-widevinecdm/*/lib*so m, too bad because the profile also allows m
for plugins already.
owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
which already allows to run code from more writeable locations.
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1777070/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list