Abrowser wants to automatically install OpenH264

Progetto:Trisquel
Versione:7.0
Componente:Programs
Categoria:segnalazione di bug
Priorità:normal
Assigned:Non assegnata
Stato:closed
Descrizione

I first noticed this with Abrowser 37 on Trisquel 7.0 AMD64, and then I ran a system update about a half hour ago, however with Abrowser 38 and a fully up to date system, this still shows up, and I am not presented an option to remove it, only to disable it. I am aware this plug-in is free software, however this back door installer still poses a threat because it's software that's being installed from outside the package manager without the ability to uninstall it, potentially compromising security if it turns out the binary contains undisclosed modifications.

I apologize if some of you cannot read the screenshot because I installed the OS in Spanish, however I did translate the message in the yellow box.

AllegatoDimensione
OpenH264.png183.21 KB
Mer, 06/10/2015 - 05:46

And a quick check under the guest account with a clean web browser profile reproduces this exact same issue.

Mer, 06/10/2015 - 18:56

Yes, seems that the name of the preference changed

https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

A merge request was sent here:
https://devel.trisquel.info/trisquel/package-helpers/merge_requests/97

Thanks for your quick report, we didn't catch this.

Gio, 06/11/2015 - 00:26

You're welcome. I should also note that this is something that was discovered by accident. I was looking at other plug-ins that I had installed for something unrelated, and then I noticed Abrowser was trying to sneak plug-ins into my browser profile.

Anyways, thank you for being quick to locate the issue, and while I wait for the update, I already disabled the codec in my configurations, in about:config.

Gio, 06/11/2015 - 15:27
Gio, 06/25/2015 - 15:30
Stato:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.

Mar, 06/30/2015 - 17:47
Stato:closed» active

I re-installed Trisquel 7.0 on another computer I recently repaired after several months of not using it, and the codec is still there.

Mar, 06/30/2015 - 17:54

I think that if you already had it, it will stay there.

Mar, 06/30/2015 - 18:15

This is a new browser profile, I ran a system update before I opened up Abrowser on there for the first time.

I believe a better solution would be to just remove the backdoor installer from the Abrowser source code. I'd do this myself and submit a patch, however I'm just barely starting to learn computer programming.

Sab, 07/04/2015 - 18:58

Fresh Trisquel installed with new user and newly installed Abrowser, still wants to install Cisco OpenH264 binary plugin.

AllegatoDimensione
Screenshot - 04.07.2015 - 19:57:27.png 44.56 KB
Mar, 07/21/2015 - 17:10

Is anyone still having this issue with Abrowser 39? I'm not.

Ven, 08/14/2015 - 23:19
Stato:active» fixed

Marking as fixed.

Ven, 08/28/2015 - 23:20
Stato:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.