Consider adding SMB to port blacklist

Status: NEW, Unassigned (Core, Networking; P3, normal; opened 7 months ago, updated 2 months ago)

People: Reporter: zwol, Unassigned

Tracking: {sec-want}

Firefox Tracking Flags: Not tracked

Details: Whiteboard: [necko-triaged]

Description

7 months ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526

Steps to reproduce:

Please consider adding the ports used for Microsoft's SMB and NetBIOS protocols (137, 445, possibly others; 139 is already blacklisted) to the blacklist so that JavaScript cannot initiate connections to them. This is prompted by the MS17-010 exploit, but there's quite a long history of remotely exploitable SMB bugs. This will, at least, make it harder to scan for exploitable systems from a malicious website.

Originally reported as a Fetch spec issue at https://github.com/whatwg/fetch/issues/544
Component: Security → Networking
Keywords: sec-want
Priority: -- → P3
Whiteboard: [necko-triaged]
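
A sketch of the kind of port check this report asks for, as an added example that is not Firefox's or the Fetch spec's code. The two port sets hold only the ports named in the report; the function names, default-port table and sample URLs are constructed for illustration.

```javascript
// Port 139 is described in the report as already blocked; 137 and 445 are
// the proposed additions. Constructed sets, not Firefox's real blocklist.
const CURRENT_BLOCKED = new Set([139]);
const PROPOSED_BLOCKED = new Set([137, 139, 445]);

// Default ports for the schemes this sketch handles (assumption: only these four).
const DEFAULT_PORTS = { "http:": 80, "https:": 443, "ws:": 80, "wss:": 443 };

// Return the port a connection would actually use, or null if unknown.
// URL.port is "" when the URL uses the scheme's default port.
function effectivePort(url) {
  if (url.port !== "") return Number(url.port);
  return DEFAULT_PORTS[url.protocol] ?? null;
}

// Decide whether a script-initiated request should be refused.
// Unparseable URLs and unknown schemes fail closed.
function isBlocked(rawUrl, blockedPorts) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return true;
  }
  const port = effectivePort(url);
  if (port === null) return true;
  return blockedPorts.has(port);
}

// Constructed sample URLs (192.0.2.0/24 and 2001:db8::/32 are documentation ranges).
const SAMPLES = [
  "http://192.0.2.10:445/",
  "http://192.0.2.10:0445/",     // URL parser normalises the port to 445
  "https://[2001:db8::1]:139/",
  "ws://192.0.2.10:137/",
  "https://example.test/",       // default port 443, never on the list
];

// Compare the verdict under the current list and under the proposed one.
function compare() {
  return SAMPLES.map((u) => ({
    url: u,
    before: isBlocked(u, CURRENT_BLOCKED),
    after: isBlocked(u, PROPOSED_BLOCKED),
  }));
}

console.table(compare());
```

The check runs on the parsed, effective port rather than on the URL string, so alternate spellings such as `:0445` get the same verdict as `:445`.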