gecko-mediaplayer package should not bundle so many plugins for security reasons
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-meta (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Web browser plugins are a major vector for exploit on the internet. For security reasons, it is best not to install plugins you don't need. Yet Ubuntu-packages bundle numerous plugins together. For example, if I use one single plugin (e.g., Windows Media Player Plug-in), I have to install the gecko-mediaplayer package. Yet the gecko-mediaplayer package installs 4 additional plugins in addition to the Windows Media Player Plug-in. I NEVER use the 4 additional plugins that are installed. Further, among the 4 additional plugins installed are QuickTime and RealPlayer. Two plugins that are notoriously exploited on the web.
The gecko-mediaplayer package should not bundle so many plugins together. A separate package should exist for each plugin. Or some other solution should be developed that allows users to only install the plugin they actually use.
Security is a major problem these days and users should not have to install more plugins than they actually use, especially when the unused plugins are notorious for security vulnerabilities.
Status changed to 'Confirmed' because the bug affects multiple users.