Yes. Moreover, they are sandboxed at runtime. So modulo bugs in the sandboxing layer, we can treat those blobs as adversarial and the integrity of Firefox shouldn't depend on the integrity of those blobs.
On Mon, Jul 18, 2016 at 12:04 PM, Chris Peterson <[email protected]> wrote: > On 7/18/16 11:56 AM, Gregory Szorc wrote: > >> A significant obstacle to even comparable builds is "private" data >> embedded >> within Firefox. e.g. Google API Keys. I /think/ we're also shipping some >> DRM blobs. >> > > Mozilla does not ship any DRM blobs with Firefox. The Adobe Primetime and > Google Widevine CDMs (DRM DLLs) are downloaded from Adobe and Google > servers on Firefox first-run. Similarly, Cisco's OpenH264 codec is > downloaded from a Cisco server on Firefox first-run. > > _______________________________________________ > dev-platform mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
