"libavcodec may be vulnerable..." message in Firefox

Question

Since last week, I'm receiving the following message for almost every page that I open in Firefox:

libavcodev may be vulnerable or is not supported, and should be updated for play video

Apparently, this is just a warning, 'cause I can play videos normally.

I tried

sudo apt-get install libavcodec

but this package does not exists.

I also did apt-get update and apt-get upgrade, but the message persists.

Finally, when I use apt-get autoremove, it does not return any package.

I googled for the message, but not found anything similar.

What should I do to eliminate this message? Should I stay alert for anything?

Some info:

• Ubuntu 14.04
• Firefox Developer Edition 51.0a2

Answer 1

There are a security issue described here:

Description

The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

the libav can be installed through:

sudo apt-get install libav-tools

The libav's version used by ubuntu 14.04 is 9.x and can be upgraded to 11.x as follow :

sudo add-apt-repository ppa:heyarje/libav-11
sudo apt-get update
sudo apt-get install libav-tools

Run:

sudo apt-get update && sudo apt-get upgrade
sudo apt-get dist-upgrade 

to upgrade packages.

Answer 2

In case you can not upgrade your libav, you can force firefox to use the old version by changing this setting (-> about:config) :

media.libavcodec.allow-obsolete

The defaults setting is false , but you can change it to true .

Answer 3

GAD3R answer works if you are okay installing another repo, and ReneF's if you are okay with the security vulnerability.

If, like me, you don't care if some videos don't play, and you just want that damn message to disappear - without disabling libavcodec (because manually disabling means I'd have to manually re-enable once a fix comes out) - then you should go to about:config, and look for:

media.decoder-doctor.notifications-allowed

In the value field, you may see a comma-separated list of values; the one you want to remove is MediaUnsupportedLibavcodec. For example, my setting was:

MediaWMFNeeded,MediaWidevineNoWMFNoSilverlight,MediaUnsupportedLibavcodec

And I changed it to:

MediaWMFNeeded,MediaWidevineNoWMFNoSilverlight

Viola! No more annoying notification, and the videos which require the codec won't work. However, there's no security issue and but once the official repo pushes a fix, the videos will start working again without any further effort on your part.

Answer 4

libavcodec has been updated in Ubuntu 14.04.

An update to libav-tools, libavcodec-extra and libavcodec-extra-54 in Ubuntu 14.04 has fixed this problem. The libavcodec may be vulnerable or is not supported, and should be updated to play video notification no longer appears after updating the system with the Software Updater.

Answer 5

People are making this harder than it needs to be - and in some cases may not work at all (my case), or be acceptable to continue on with an actual security risk (changing things around in firefox)

Simply go into software center, wait for it to load, type 'restricted' into the search feature, and install the restricted extras package for your particular distro.

Done. Even if you enabled restricted extras in updates, that apparently doesn't apply to video codecs for some reason. This solved my problem even after getting a 'codecs could not be installed due to broken retained packages' - or some such approximation notification.