[Bug 22901] New: Clarification regarding a potential CDM capable of running arbitrary code

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22901

            Bug ID: 22901
           Summary: Clarification regarding a potential CDM capable of
                    running arbitrary code
    Classification: Unclassified
           Product: HTML WG
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encrypted Media Extensions
          Assignee: adrianba@microsoft.com
          Reporter: yoshi@yomols.de
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-media@w3.org

>From my reading of the EME draft, it seems that a CDM which can run arbitrary
code embedded into the media stream would currently be standard compliant. 

Furthermore, the stream of the media_element and the message interface from EME
provide a bi-directional link between an arbitrary server and a (potentially
hijacked) CDM, which runs with the same privileges as the user-agent. This
poses a potential thread to the security of the user's system.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Thursday, 8 August 2013 06:32:42 UTC