[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #19200 [Applications/Tor Browser]: HTML5 video not blocked with placeholder, plays automatically
#19200: HTML5 video not blocked with placeholder, plays automatically
-------------------------------------------------+-------------------------
Reporter: potato | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-security-slider, | Actual Points:
tbb-6.0-issues, noscript, GeorgKoppen201611, |
TorBrowserTeam201611 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by ma1):
Replying to [comment:37 i139]:
> what is the advances of MSE use instance of non-MSE use? should be
measured the advances and the difficulty of implementation of this
technology, like this issue with placeholder
Proponents of this technology will tell you that it allows to move into
the web platform a lot of logic (mostly for adaptative bit rate) which was
implemented natively in custom players or in Flash.
As a side effect the data flow *appears* less transparent, but what we
should focus on is that the JavaScript on a certain webpage has now the
power to fuzz (and possibly exploit) any available HTML 5 media codec
*without even touching the network*. That's way I believe restricting MSE
usage as an additional permission for the site (or the webpage, as I said,
for convenience rather than security, e.g. on Youtube) is the most
sensible approach: exactly the same NoScript already adopts for WebGL.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19200#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs