On Wed, 2016-11-02 at 21:37 -0700, Alice Wonder wrote:
While doing a browser fingerprinting survey, I was quite surprised to see I actually have a FireFox plugin installed.
The culprit is
/usr/lib64/mozilla/plugins/librhythmbox-itms-detection-plugin.so
It appears that whoever maintains the rhythmbox RPM has chosen not to package the browser plugin separately like it probably should be. So if I have the rhythmbox RPM installed, I have the plugin.
This is rather worrisome because I can find no trace of the plugin in the Mozilla preferences panel, so if it is there it is very well hidden and if it really isn't there, it can't be disabled there.
Is there some kind of blacklist file I can put in /usr/lib64/mozilla/plugins/ or ~/.mozilla/plugins/ to specifically tell FireFox not to load that plugin, or do I have to uninstall rhythmbox?
Thank you for suggestions.
PS does anyone actually have a real world use for an itms detection plugin?
Hi,
It is possible to rebuild the package ( for CentOS 7) and disable this plugin being built. Attached is a diff of the changes required.
In RHEL 7.3 rhythmbox is supposed to rebase.
https://bugzilla.redhat.com/show_bug.cgi?id=1298233
Unsure if it has been pushed as yet, being 7.3 release day, not all info is available. What this package does contain is to be found out.
Regards
Phil