- From: <bugzilla@jessica.w3.org>
- Date: Thu, 08 Aug 2013 06:32:41 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=22901 Bug ID: 22901 Summary: Clarification regarding a potential CDM capable of running arbitrary code Classification: Unclassified Product: HTML WG Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Encrypted Media Extensions Assignee: adrianba@microsoft.com Reporter: yoshi@yomols.de QA Contact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-media@w3.org >From my reading of the EME draft, it seems that a CDM which can run arbitrary code embedded into the media stream would currently be standard compliant. Furthermore, the stream of the media_element and the message interface from EME provide a bi-directional link between an arbitrary server and a (potentially hijacked) CDM, which runs with the same privileges as the user-agent. This poses a potential thread to the security of the user's system. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Thursday, 8 August 2013 06:32:42 UTC