Closed Bug 1128212 Opened 9 years ago Closed 9 years ago

PeerConnection leaks local IP adresses and treatens user privacy

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
35 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 959893

People

(Reporter: mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Build ID: 20150126171358

Steps to reproduce:

I visited the website https://diafygi.github.io/webrtc-ips/


Actual results:

The above website is able to retrieve a complete list of all local IPv4 addresses (with the exception of 127.0.0.1/8) through JavaScript, more precisely by leveraging WebRTC PeerConnection and the underlying ICE features. All of this happened without Firefox even displaying a user notification, let alone asking if the user actually wants this to happen.


Expected results:

The above website should *not* be able to find out any other IP address than the one I actually used to connect to the webserver. The website should *not* be provided with what I would basically consider a verbatim copy of my systems routing table.

And *if* you see the necessity to implement such an insane behaviour in a piece of software what is actually supposed to be a *webbrowser* and NOT Skype, please *at least* make sure that this insanity is not enabled by default.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.