Bug 469581 - totem plugin not working in Enforcing mode
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 10
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-11-02 21:12 UTC by Christopher Stone
Modified: 2009-01-08 19:12 UTC
CC: 3 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-01-08 19:12:17 UTC
Type: ---
Embargoed:


Description Christopher Stone 2008-11-02 21:12:18 UTC
Working from bug #469571, I attempted to remove all xine related rpms except for xine-libs.  I also removed mplayer rpms.  Now totem is the default media player for firefox.  However, I get a bunch of AVC denials with totem now too.  I've worked for hours with domg472_ on #fedora-selinux but his ultimate response was:
< domg472_> XulChris this is getting nasty. file a bugzilla
so here I am.

I'm not really sure what info to paste. I've been adding my own rules to try and fix it, but I'm at a point now where it only works in permissive mode, and if I set enforcing mode I don't get any AVC denial messages. If I run semodule -DB and try, I get a lot like:
node=localhost.localdomain type=AVC msg=audit(1225659907.827:32771): avc: denied { connectto } for pid=29462 comm="totem" path=002F746D702F646275732D52454E5548594A717963 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket

ping me on #fedora-selinux if you need more info.  This is "nasty" and I don't know what I'm doing :(

Need help.

This is what I have so far, but these policy rules are mixed in with bug #469571 problems as well:
policy_module(mysplugin, 0.0.1)

# Types and object classes this module uses but does not define.
require {
        type gconf_home_t;
        type nsplugin_t;
        type user_home_t;
        class sock_file unlink;
        class unix_dgram_socket sendto;
        class dir { write search create add_name getattr };
        class file rename;
}

#============= nsplugin_t ==============
# Local TE rules derived from AVC denials: let the plugin domain create and
# write gconf directories, send on its own datagram sockets, and rename files
# and unlink sockets under the user's home directory.
allow nsplugin_t gconf_home_t:dir { write search add_name create getattr };
allow nsplugin_t self:unix_dgram_socket sendto;
allow nsplugin_t user_home_t:file rename;
allow nsplugin_t user_home_t:sock_file unlink;
# Reference-policy interface calls (the form audit2allow -R emits). Note what
# they grant: listing the httpd modules directory, raw reads of removable
# block devices, and reads of the cracklib dictionary.
apache_list_modules(nsplugin_t)
storage_raw_read_removable_device(nsplugin_t)
usermanage_read_crack_db(nsplugin_t)
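
The AVC record quoted above is easier to read once its path field is decoded: the audit subsystem writes a field as unquoted upper-case hex whenever the value contains a byte it will not print, and here the first byte is a NUL. The denial also only surfaces after semodule -DB because that flag rebuilds the policy with dontaudit rules disabled. The following is an added example, not code from the bug report or from the selinux-policy package; it parses that one record, decodes the path, and emits the same allow rule audit2allow would generate for it. The sample record is copied from the report; the function names are my own.

```python
import re

# Constructed sample: the AVC denial quoted in the bug description above.
SAMPLE_AVC = (
    'node=localhost.localdomain type=AVC msg=audit(1225659907.827:32771): '
    'avc: denied { connectto } for pid=29462 comm="totem" '
    'path=002F746D702F646275732D52454E5548594A717963 '
    'scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 '
    'tclass=unix_stream_socket'
)

_HEX = re.compile(r"^(?:[0-9A-F]{2})+$")


def decode_field(value):
    """Return the raw bytes of an audit field value.

    Quoted values are plain strings; an unquoted, even-length run of
    upper-case hex is audit's encoding for a value containing bytes it
    refuses to print (NUL, space, quote, non-ASCII).  This is the same
    heuristic ausearch -i applies.
    """
    if value.startswith('"'):
        return value.strip('"').encode()
    if _HEX.match(value):
        return bytes.fromhex(value)
    return value.encode()


def parse_avc(line):
    """Split one 'avc: denied' record into its security-relevant parts."""
    m = re.search(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$", line)
    if not m:
        raise ValueError("not an AVC denial record")
    perms = m.group(1).split()
    raw = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)))
    path = decode_field(raw["path"]) if "path" in raw else None
    # A leading NUL byte marks a Linux abstract-namespace unix socket; the
    # D-Bus session bus listens on one, so there is no on-disk file to label.
    abstract = path is not None and path.startswith(b"\x00")
    return {
        "perms": perms,
        "comm": decode_field(raw["comm"]).decode(),
        "path": path.lstrip(b"\x00").decode() if path is not None else None,
        "abstract": abstract,
        # contexts are user:role:type[:range]; the TE rule needs the type
        "stype": raw["scontext"].split(":")[2],
        "ttype": raw["tcontext"].split(":")[2],
        "tclass": raw["tclass"],
    }


def allow_rule(avc):
    """The type-enforcement rule audit2allow would emit for this record."""
    if len(avc["perms"]) == 1:
        perms = avc["perms"][0]
    else:
        perms = "{ " + " ".join(avc["perms"]) + " }"
    return f"allow {avc['stype']} {avc['ttype']}:{avc['tclass']} {perms};"


if __name__ == "__main__":
    avc = parse_avc(SAMPLE_AVC)
    kind = "abstract socket" if avc["abstract"] else "path"
    print(f"{avc['comm']} -> {kind} {avc['path']}")
    print(allow_rule(avc))
```

Decoded, the target is the abstract socket /tmp/dbus-RENUHYJqyc, i.e. the user's session D-Bus daemon, and the generated rule is `allow nsplugin_t unconfined_dbusd_t:unix_stream_socket connectto;`. That rule makes the denial go away, but it lets anything running as nsplugin_t talk to the whole session bus, which is worth weighing before adding it to a local module.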

Comment 1 Christopher Stone 2008-11-02 23:19:31 UTC
Removing mozplugger fixes these problems.

Comment 2 Bug Zapper 2008-11-26 04:39:44 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

