-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: firefox-esr
Version: 45.3.0esr-1~deb8u1
Severity: serious
Tags: security upstream
Justification: Policy 2.2.1 must comply with the DFSG

Dear Maintainer,

after reading up a bit (late(ly)) on the W3C EME proposed standard for embedding of DRM managed content in web pages, I decided to have a look if it is present in the firefox browser.

about:config shows the following:

media.eme.apiVisible;true
media.eme.enabled;true

I think the presence of code that requires closed source components to function, might violate the DFSG for the main section? On the other hand, no package relation is available in the non-free section as far as I see that is actively depended on.

If a decision has been taken on this already, then please close. I have not found this in the system for the firefox-esr package, I did find bug 748342 (iceweasel), and the upstream bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1011459
and a discussion at:
http://forums.debian.net/viewtopic.php?f=20&t=114687

First of all I disabled the function by setting the above values to: false.

It would be better to have support for EME removed altogether to be free of any possible legal issues arising from DRM enabled software.

Yours,

Tjeerd Pinkert

P.S. yes I know, having flash installed as a plugin is as bad as having EME enabled... Trying to block as much as possible though...

- -- Package-specific info:

- -- Extensions information
Name: Adblock Plus
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled

Name: Cookie Monster
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{45d8ff86-d909-11db-9705-005056c00008}
Package: xul-ext-cookie-monster
Status: enabled

Name: Default theme
Location: /usr/lib/firefox-esr/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Package: firefox-esr
Status: enabled

Name: DOM Inspector
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/inspec...@mozilla.org
Package: xul-ext-dom-inspector
Status: enabled

Name: Element Hiding Helper for Adblock Plus
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/elemhidehel...@adblockplus.org
Package: xul-ext-adblock-plus-element-hiding-helper
Status: enabled

Name: English (GB) Language Pack locale
Location: /usr/lib/firefox-esr/browser/extensions/langpack-en-GB@firefox-esr.mozilla.org.xpi
Package: firefox-esr-l10n-en-gb
Status: enabled

Name: Firefox Hello Beta
Location: ${PROFILE_EXTENSIONS}/l...@mozilla.org.xpi
Status: enabled

Name: Flashblock
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Package: xul-ext-flashblock
Status: enabled

Name: FlashGot
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
Package: xul-ext-flashgot
Status: enabled

Name: Lightbeam
Location: ${PROFILE_EXTENSIONS}/jid1-f9uj2thwoam...@jetpack.xpi
Status: enabled

Name: Nederlands (NL) Language Pack locale
Location: /usr/lib/firefox-esr/browser/extensions/langpack-nl@firefox-esr.mozilla.org.xpi
Package: firefox-esr-l10n-nl
Status: enabled

Name: NoScript
Location: ${PROFILE_EXTENSIONS}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
Status: enabled

- -- Plugins information
Name: Gnome Shell Integration
Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so
Package: gnome-shell
Status: disabled

Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: disabled

Name: Shockwave Flash (11.2.202.632)
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled

- -- Addons package information
ii  firefox-esr    45.3.0esr-1~ amd64        Mozilla Firefox web browser - Ext
ii  firefox-esr-l1 45.3.0esr-1~ all          English (United Kingdom) language
ii  firefox-esr-l1 45.3.0esr-1~ all          Dutch language package for Firefo
ii  gnome-shell    3.14.4-1~deb amd64        graphical shell for the GNOME des
ii  rhythmbox-plug 3.1-1        amd64        plugins for rhythmbox music playe
ii  xul-ext-adbloc 2.6.6+dfsg-1 all          advertisement blocking extension
ii  xul-ext-adbloc 1.3-1        all          companion for Adblock Plus to cre
ii  xul-ext-cookie 1.2.0-1      all          manage cookies in a whitelist-bas
ii  xul-ext-dom-in 1:2.0.14-1   all          tool for inspecting the DOM of we
ii  xul-ext-flashb 1.5.18-1     all          Mozilla extension to block Adobe
ii  xul-ext-flashg 1.5.6.7+dfsg all          Extension to handle downloads wit

- -- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox-esr depends on:
ii  debianutils               4.4+b1
ii  fontconfig                2.11.0-6.3+deb8u1
ii  libasound2                1.0.28-1
ii  libatk1.0-0               2.14.0-1
ii  libc6                     2.19-18+deb8u4
ii  libcairo2                 1.14.0-2.1+deb8u1
ii  libdbus-1-3               1.8.20-0+deb8u1
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-2
ii  libffi6                   3.1-2+b2
ii  libfontconfig1            2.11.0-6.3+deb8u1
ii  libfreetype6              2.5.2-3+deb8u1
ii  libgcc1                   1:4.9.2-10
ii  libgdk-pixbuf2.0-0        2.31.1-2+deb8u5
ii  libglib2.0-0              2.42.1-1+b1
ii  libgtk2.0-0               2.24.25-3+deb8u1
ii  libhunspell-1.3-0         1.3.3-3
ii  libpango-1.0-0            1.36.8-3
ii  libsqlite3-0              3.8.7.1-1+deb8u1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                4.9.2-10
ii  libx11-6                  2:1.6.2-3
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.1-2+b2
ii  libxrender1               1:0.9.8-1+b1
ii  libxt6                    1:1.1.4-1+b1
ii  procps                    2:3.3.9-9
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages firefox-esr recommends:
ii  gstreamer1.0-libav         1.4.4-2
ii  gstreamer1.0-plugins-good  1.4.4-2

Versions of packages firefox-esr suggests:
ii  fonts-lmodern           2.004.4-5
ii  fonts-stix [otf-stix]   1.1.1-1
ii  libcanberra0            0.30-2.1
ii  libgnomeui-0            2.24.5-3
ii  libgssapi-krb5-2        1.12.1+dfsg-19+deb8u2
pn  mozplugger              <none>

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlfRqoQACgkQ9xQaBfeouaqmDQCbBlfBXfkgzOdLOB5kL4nyIZta
Q2kAn1CLUArTQD54c5KdvmKc0SDTDhZa
=TCWT
-----END PGP SIGNATURE-----