[VLC Media Player] Security bug from 2010 still not fixed?

Discussion in 'other security issues & news' started by m00nbl00d, Oct 4, 2011.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Last edited: Oct 4, 2011
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I'd like to see more on this. I see it was tested against FF v3, but would it also work in later versions?
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Keep your media player sandboxed/ running at low priority. No problem.

    LowIL is basically made for a media player IMO, all they need to do is read and reads aren't restricted.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm not concerned about myself. I'm just wondering why the security bug was never fixed?

    @ dw426

    Like you, I don't know if it will work against newest Firefox versions, but considering the issue is not with Firefox but with VLC, maybe all it would be required is a bit of imagination and make it work on newest FF versions, if needed.

    My guess is as good as yours... :argh:
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Because most people don't care about security and most programmers don't give it a thought.

    If every program ran in their own sandbox and protected mode ala IE we'd have a much easier time.
     
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    In this thread : -http://forum.videolan.org/viewtopic.php?f=14&t=87737&p=294689&hilit=sa41810#p294689-

    it is said that the developer/maintainer for their browser plug-ins had left VLC project some time ago, and the bug seems to remain unpatched.
    I was wondering the same question as you asked myself a while back. Seems strange to still not be fixed.
     
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I'm confused. Don't the respective plugins get updated with main release? Or are these plugins controlled by a completely different "department" of devs/volunteers? I'd hate to sit here and realize these plugins haven't been touched in 3 years. Luckily most things on the web are now Flash-based, so I've yet to actually need the plugin.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It should also be said that VLC's plugin isn't installed by default; the user needs to select it to install it.

    Generally speaking, it would be far more worse if it was a bug in VLC's activex, which is installed by default.

    Nonetheless, one has to wonder what's taking this long to patch it. Is it really because of what user Dermot7 pointed us to? o_O

    If they lack a developer, then perhaps they should take the plugin away? I mean, if you can't fix it, don't provide it.

    It's not like VLC's plugin is as useful as Flash Player as you said, anyway. I'm also yet to see a web site complain about a media player plugin.
     
  9. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Don't install the plugin and you're fine, there's really no reason to do so unless you take joy in expanding your browsers attack surface.
     
Loading...
Thread Status:
Not open for further replies.