Closed Bug 314441 Opened 19 years ago Closed 19 years ago

Java enabled Internal IP address sniffing exploit

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 260288

People

(Reporter: jayw, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

Hey guys. Didn't think my internal IP addresses would be seen on the net but they are. I have MS Anti-Spy Active Agents, Zone Alarm on the highest "stealth" setting which supposedly hides the IP address, and MS Firewall, and still, websites can read my internal IP addresses. 

Only if you DISABLE java can your internal IP addresses not be seen...

Just click on the URL and you can see for yourself. You will have clear your cache and history after the first go, after you have disabled Java, and then reload the same page, and it will not be able to find your internal IP addresses.

I guess this isn't a problem if you are using an IP spoofing or IP sub-relay company, however, for me this sucks!

I wonder if this can be fixed. Perhaps a more advanced Java and Java Script control console? That would be great!



Reproducible: Always

Steps to Reproduce:
1. Start Browser
2. Make sure Java is enabled
3. Go to http://www.auditmypc.com/whats-my-ip.asp
4. And see for yourself

Actual Results:  
Your internal IP addresses that are supposed to be hidden from the net are VISIBLE.

Expected Results:  
It should hide internal IP addresses.

The only way to nip this exploit in the bud is to turn off Java. Unfortunately, many websites (the cooler ones) use this, so this extreme option may not be feasible on a regular basis.
I've seen a page somewhere (can't find the link now), and this is simply how Java works. It's not a bug in Firefox, unless I'm severely mistaken.
Reporter, this is not an exploit. It's not even an security issue, only a privacy problem. But it's not caused by Firefox or Gecko.

*** This bug has been marked as a duplicate of 260288 ***

*** This bug has been marked as a duplicate of 260288 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.