Closed Bug 1872502 Opened 1 year ago Closed 1 year ago

[Security] "localhost" alike URI accessible by remote sites

Categories

(Core :: DOM: Security, defect)

Firefox 122
defect

Tracking

()

VERIFIED DUPLICATE of bug 354493

People

(Reporter: masterquestionable, Unassigned)

Details

    See [ https://bugzilla.mozilla.org/show_bug.cgi?id=1806171#c9 ] for background.

    Unsure if it affects "file://". (would be a really serious flaw if it does...)

Version: unspecified → Firefox 122

Whether localhost is accessible remotely or not is up to the firewall on your device. This is not a Firefox issue. Yes, you're interested in this as a "work-around" for bug 1806171, but whether your device supports a firewall or not is outside Firefox's control. It may affect whether or not you're comfortable using a local server as a workaround, but that's for you to decide and doesn't change the fact that bug 1806171 exists.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → INVALID

    Whether malicious sites that can exploit Firefox may be even accessed is up to the firewall and user: No Firefox issue ever.

    Also, this is again not directly related with the mentioned bug.
    The exact issue is: default prevent intranet access from "3p".

Maybe this is actually a duplicate of bug 354493?

    Seemingly so...
    Poor description, didn't find it.

    I'll analyze it later and confirm.

Duplicate of bug: 354493
Resolution: INVALID → DUPLICATE

    Likely.

Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.