Package: firefox-esr Version: 60.2.2esr-1~deb9u1 Severity: normal
Dear Maintainer, I have noticed that a binary library libgmpopenh264.so has been put into ~/.mozilla/firefox/xxxxxxxx.default/gmp-gmpopenh264/1.6 although media.gmp-gmpopenh264.enabled is false. I did not install any plugins or add-ons. It is also strange that the file was last modified on Oct 17, because on a different installation I found version 1.7.1 with an *earlier* modification time (but here third-party plugins were installed and removed several times with no possibility of reconstructing what exactly happened). It is quite difficult to find out exactly where this binary comes form and whether it is the "official" one. The binary files by Cisco that can be regularly found on the web are different. A user in the Debian IRC channel told me that he found a reference to http://ciscobinary.openh264.org/ openh264-linux64-0410d336bb748149a4f560eb6108090f078254b1.zip in /usr/lib/firefox-esr/omni.ja which I also have. And indeed this is the binary that I found on my system, so it seems to be something official. Nevertheless, I think this is not the expected behaviour. Unfortunately, starting firefox from an empty profile does not automatically download the file. Something else must have triggered the download, which I could not reproduce. (Just speculating: Maybe visiting certain websites or starting firefox after being updated by "apt upgrade", which happended several times?)
