Java enabled Internal IP address sniffing exploit

RESOLVED DUPLICATE of bug 260288

Status

Firefox
Security
12 years ago
12 years ago

People

(Reporter: jayw, Unassigned)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

Hey guys. Didn't think my internal IP addresses would be seen on the net but they are. I have MS Anti-Spy Active Agents, Zone Alarm on the highest "stealth" setting which supposedly hides the IP address, and MS Firewall, and still, websites can read my internal IP addresses. 

Only if you DISABLE java can your internal IP addresses not be seen...

Just click on the URL and you can see for yourself. You will have to clear your cache and history after the first go, after you have disabled Java, and then reload the same page, and it will not be able to find your internal IP addresses.

I guess this isn't a problem if you are using an IP spoofing or IP sub-relay company, however, for me this sucks!

I wonder if this can be fixed. Perhaps a more advanced Java and JavaScript control console? That would be great!



Reproducible: Always

Steps to Reproduce:
1. Start Browser
2. Make sure Java is enabled
3. Go to http://www.auditmypc.com/whats-my-ip.asp
4. And see for yourself

Actual Results:  
Your internal IP addresses that are supposed to be hidden from the net are VISIBLE.

Expected Results:  
It should hide internal IP addresses.

The only way to nip this exploit in the bud is to turn off Java. Unfortunately, many websites (the cooler ones) use this, so this extreme option may not be feasible on a regular basis.

Comment 1

I've seen a page somewhere (can't find the link now), and this is simply how Java works. It's not a bug in Firefox, unless I'm severely mistaken.

Comment 2

12 years ago
Reporter, this is not an exploit. It's not even a security issue, only a privacy problem. But it's not caused by Firefox or Gecko.

*** This bug has been marked as a duplicate of 260288 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE