[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #20744 [- Select a component]: add 'media.source.enabled' change in security setting
#20744: add 'media.source.enabled' change in security setting
--------------------------------------+-----------------
Reporter: i139 | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+-----------------
media source extensions (MSE)is a "specification allows JavaScript to
dynamically construct media streams for <audio> and <video>"
the advances of MSE are:
Allow JavaScript to construct media streams independent of how the
media is fetched.
Define a splicing and buffering model that facilitates use cases like
adaptive streaming, ad-insertion, time-shifting, and video editing.
Minimize the need for media parsing in JavaScript.
Leverage the browser cache as much as possible.
Provide requirements for byte stream format specifications.
Not require support for any particular media format or codec.
but as user ma1 say in #19200#comment:38
>As a side effect the data flow *appears* less transparent, but what we
should focus on is that the JavaScript on a certain webpage has now the
power to fuzz (and possibly exploit) any available HTML 5 media codec
*without even touching the network*.
put from true to false in 'media.source.enabled' when using high in
security settings, probably will be a good for hypothetical security
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20744>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs