[Security] "localhost" alike URI accessible by remote sites
Categories
(Core :: DOM: Security, defect)
Tracking
()
People
(Reporter: masterquestionable, Unassigned)
Details
See [ https://bugzilla.mozilla.org/show_bug.cgi?id=1806171#c9 ] for background.
Unsure if it affects "file://". (would be a really serious flaw if it does...)
Reporter | ||
Updated•1 year ago
|
Comment 1•1 year ago
|
||
Whether localhost is accessible remotely or not is up to the firewall on your device. This is not a Firefox issue. Yes, you're interested in this as a "work-around" for bug 1806171, but whether your device supports a firewall or not is outside Firefox's control. It may affect whether or not you're comfortable using a local server as a workaround, but that's for you to decide and doesn't change the fact that bug 1806171 exists.
Reporter | ||
Comment 2•1 year ago
|
||
Whether malicious sites that can exploit Firefox may be even accessed is up to the firewall and user: No Firefox issue ever.
Also, this is again not directly related with the mentioned bug.
The exact issue is: default prevent intranet access from "3p".
Comment 3•1 year ago
|
||
Maybe this is actually a duplicate of bug 354493?
Reporter | ||
Comment 4•1 year ago
|
||
Seemingly so...
Poor description, didn't find it.
I'll analyze it later and confirm.
Description
•