> What if the code contains a security issue that is exploitable, but only in remote cases and the maintainers do not want to accept changes to the code for whatever reason?
Surely, Mozilla will release an update which disables the plugin under these circumstances.
> How many attacks will there be trying to redirect the Cisco DNS in order to let Firefox download a malware-ridden binary?
Are there currently attacks trying to subvert Firefox's self-update mechanism? Or Chrome's for that matter? My understanding is that Firefox will be checking hashes or signatures for the download.
> How is this a victory over using GStreamer and using the encoders/decoders available on the OS?
As stated in the blog post, not all OS's have support for H.264, in particular Windows XP. It sounds like Firefox already supports H.264 video when the OS provides the codec. It's not clear to me whether Mozilla will move to OpenH264 across all platforms supported by Firefox, or only when there's no codec provided by the OS.
Surely, Mozilla will release an update which disables the plugin under these circumstances.
> How many attacks will there be trying to redirect the Cisco DNS in order to let Firefox download a malware-ridden binary?
Are there currently attacks trying to subvert Firefox's self-update mechanism? Or Chrome's for that matter? My understanding is that Firefox will be checking hashes or signatures for the download.
> How is this a victory over using GStreamer and using the encoders/decoders available on the OS?
As stated in the blog post, not all OS's have support for H.264, in particular Windows XP. It sounds like Firefox already supports H.264 video when the OS provides the codec. It's not clear to me whether Mozilla will move to OpenH264 across all platforms supported by Firefox, or only when there's no codec provided by the OS.