Progetto: | Trisquel |
Versione: | 7.0 |
Componente: | Programs |
Categoria: | segnalazione di bug |
Priorità: | normal |
Assigned: | Non assegnata |
Stato: | closed |
I first noticed this with Abrowser 37 on Trisquel 7.0 AMD64, and then I ran a system update about a half hour ago, however with Abrowser 38 and a fully up to date system, this still shows up, and I am not presented an option to remove it, only to disable it. I am aware this plug-in is free software, however this back door installer still poses a threat because it's software that's being installed from outside the package manager without the ability to uninstall it, potentially compromising security if it turns out the binary contains undisclosed modifications.
I apologize if some of you cannot read the screenshot because I installed the OS in Spanish, however I did translate the message in the yellow box.
And a quick check under the guest account with a clean web browser profile reproduces this exact same issue.
Yes, seems that the name of the preference changed
https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
A merge request was sent here:
https://devel.trisquel.info/trisquel/package-helpers/merge_requests/97
Thanks for your quick report, we didn't catch this.
You're welcome. I should also note that this is something that was discovered by accident. I was looking at other plug-ins that I had installed for something unrelated, and then I noticed Abrowser was trying to sneak plug-ins into my browser profile.
Anyways, thank you for being quick to locate the issue, and while I wait for the update, I already disabled the codec in my configurations, in about:config.
Fixed in https://devel.trisquel.info/trisquel/package-helpers/commit/bfea817079787a4805dc774f20166b2abefa75fb
Automatically closed -- issue fixed for 2 weeks with no activity.
I re-installed Trisquel 7.0 on another computer I recently repaired after several months of not using it, and the codec is still there.
I think that if you already had it, it will stay there.
This is a new browser profile, I ran a system update before I opened up Abrowser on there for the first time.
I believe a better solution would be to just remove the backdoor installer from the Abrowser source code. I'd do this myself and submit a patch, however I'm just barely starting to learn computer programming.
Fresh Trisquel installed with new user and newly installed Abrowser, still wants to install Cisco OpenH264 binary plugin.
Is anyone still having this issue with Abrowser 39? I'm not.
Marking as fixed.
Automatically closed -- issue fixed for 2 weeks with no activity.