Bug 239121: Unblock port 1080
Status: Closed (opened 21 years ago, closed 21 years ago)
Categories: Core :: Security, defect
Tracking: VERIFIED FIXED, mozilla1.7final
People: Reporter: caillon, Assigned: dougt
Details: Keywords: fixed1.4.3, Whiteboard: [sg:nse] checkmac
Attachments (1 file): patch, 470 bytes (bbaetz: review+, darin.moz: superreview+, caillon: approval1.4.3+, chofmann: approval1.7+)
Tentatively marking as security-sensitive.
I'd like for us to consider unblocking port 1080. Bbaetz says SOCKS (the most
common port-1080 application) is a binary protocol, so there's no risk of a
malicious site using a SOCKS server on behalf of a visitor. Other browsers
don't block port 1080 and 1080 is a fairly common http port. For example, it is
used by the 3ware raid configuration tool.
Also, the exploit that seems to be based on SOCKS was on port 2080, not 1080.
See http://www.securityfocus.com/bid/509/exploit/ (have we been blocking the
wrong port?)
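An added example, not part of the bug report or of Mozilla's code, illustrating the binary-protocol argument in the description above: a parser that follows the SOCKS4 request and SOCKS5 (RFC 1928) greeting layouts rejects a browser-generated HTTP request on its first byte. The `classify` and `bytes` helpers and all sample byte strings are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// What a SOCKS listener can conclude from the first bytes a client sends.
enum class Handshake { Socks4Request, Socks5Greeting, Incomplete, Rejected };

// SOCKS4 request: VN=4, CD=1|2, DSTPORT(2), DSTIP(4), USERID..., NUL.
// SOCKS5 greeting (RFC 1928): VER=5, NMETHODS(1..255), METHODS[NMETHODS].
Handshake classify(const std::vector<uint8_t>& b) {
    if (b.empty()) return Handshake::Incomplete;
    if (b[0] == 0x04) {
        if (b.size() < 2) return Handshake::Incomplete;
        if (b[1] != 0x01 && b[1] != 0x02) return Handshake::Rejected;
        // The USERID terminator is the first NUL at offset 8 or later.
        for (std::size_t i = 8; i < b.size(); ++i)
            if (b[i] == 0x00) return Handshake::Socks4Request;
        return Handshake::Incomplete;
    }
    if (b[0] == 0x05) {
        if (b.size() < 2) return Handshake::Incomplete;
        if (b[1] == 0x00) return Handshake::Rejected;
        return b.size() >= 2u + b[1] ? Handshake::Socks5Greeting
                                     : Handshake::Incomplete;
    }
    // Every HTTP request line starts with an ASCII method letter
    // ('G' = 0x47, 'P' = 0x50, ...), never 0x04 or 0x05.
    return Handshake::Rejected;
}

std::vector<uint8_t> bytes(const std::string& s) {
    return std::vector<uint8_t>(s.begin(), s.end());
}

// Constructed samples (192.0.2.10 is a documentation address).
const std::vector<uint8_t> kHttpGet =
    bytes("GET / HTTP/1.1\r\nHost: 192.0.2.10:1080\r\n\r\n");
const std::vector<uint8_t> kHttpPost =
    bytes("POST /form HTTP/1.1\r\nHost: 192.0.2.10:1080\r\n\r\n");
const std::vector<uint8_t> kSocks5 = {0x05, 0x01, 0x00};
const std::vector<uint8_t> kSocks4 = {0x04, 0x01, 0x00, 0x50, 192, 0, 2, 10, 0x00};

int main() {
    std::printf("HTTP GET rejected: %d\n", classify(kHttpGet) == Handshake::Rejected);
    std::printf("SOCKS5 accepted:   %d\n", classify(kSocks5) == Handshake::Socks5Greeting);
    return 0;
}
```

This models a conforming parser only; a listener with its own parsing bugs is a separate question from whether the browser can speak the protocol.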
Assignee | ||
Comment 1•21 years ago
Bbaetz, what say you? Looking back at my notes, suggest that we agreed that
1080 could be blocked.
Comment 2•21 years ago
Err, no. I was always against 1080 being blocked. The original list I came up
with was taken from the ns4 list of blocked ports, plus port 587.
See (for example) bug 92769 comment 22
Assignee | ||
Comment 3•21 years ago
That is good enough for me. I say we unblock for the next release.
Assignee | ||
Comment 4•21 years ago
Comment 5•21 years ago
Comment on attachment 145077 [details] [diff] [review]
proposed patch
(Actually, it may have been more than just 1080 and 587 we added. I can't
really recall. 1080 is the only one people have complained about, though.)
r=bbaetz
Attachment #145077 -
Flags: review+
Comment 6•21 years ago
Comment on attachment 145077 [details] [diff] [review]
proposed patch
sr=darin
Attachment #145077 -
Flags: superreview+
Updated•21 years ago
Attachment #145077 -
Flags: approval1.7?
Comment 7•21 years ago
Comment on attachment 145077 [details] [diff] [review]
proposed patch
a=chofmann for 1.7
Attachment #145077 -
Flags: approval1.7? → approval1.7+
Assignee | ||
Comment 8•21 years ago
Checking in nsIOService.cpp;
/cvsroot/mozilla/netwerk/base/src/nsIOService.cpp,v <-- nsIOService.cpp
new revision: 1.170; previous revision: 1.169
done
Marking fixed.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment 10•21 years ago
The only potentially security-sensitive thing that came up here was:
> Also, the exploit that seems to be based on SOCKS was on port 2080, not 1080.
> See http://www.securityfocus.com/bid/509/exploit/ (have we been blocking the
> wrong port?)
Is that worth keeping this bug marked as security-sensitive? Should a bug be
filed for blocking 2080? (I don't think 2080 needs to be blocked -- the problem
is the buffer overflow in an old version of Wingate, not that the exploit can
appear to come from a Mozilla user visiting a malicious site.)
Comment 11•21 years ago
-> security
qa to me, allplats, for 1.7f
Component: Browser-General → Security: General
OS: Linux → All
QA Contact: general → benc
Hardware: PC → All
Target Milestone: --- → mozilla1.7final
Comment 12•21 years ago
Not an exploit. No one has stepped up to defend keeping this confidential and we
default to openness without good reason otherwise --> removing flag
Group: security
Whiteboard: [sg:nse]
Comment 13•20 years ago
V/fixed. Mozilla 1.7RC2, Linux
Status: RESOLVED → VERIFIED
Whiteboard: [sg:nse] → [sg:nse] checkmac checkwin
Comment 14•20 years ago
VERIFIED: Windows XP, 1.7RC2.
Whiteboard: [sg:nse] checkmac checkwin → [sg:nse] checkmac
Reporter | ||
Comment 15•20 years ago
Comment on attachment 145077 [details] [diff] [review]
proposed patch
Very low risk, high gain for this as this fix will allow 3ware raid
configuration software to work.
a=blizzard for 1.4.3
Attachment #145077 -
Flags: approval1.4.3+