Closed Bug 319060 Opened 19 years ago Closed 19 years ago

Firefox 1.5 restricts sites on non-standard ports, without the option to disable this "feature"

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 85601

People

(Reporter: bholowka, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

I realize the first response will be that Firefox restricts access to sites on non-standards ports -by design-, however, it should have the option to disable this feature, not be pushed on us in a draconian manner.

It is no different with the other security features that can be disbled: pop-up blocking, allowing web sites to install software, run scripts, etc.

There are many good reasons to run a web site on a non-standard port, including the security and privacy of that site itself.

Reproduce by browsing to a site that has a port after the address (the site doesn't even have to be real).
e.g. http://www.google.com:6000

Reproducible: Always

Steps to Reproduce:
1. Open Browser
2. Enter address with nonstandard port (http://www.google.com:6000)
3. goto 1

Actual Results:  
access restricted

Expected Results:  
access granted
See http://www.mozilla.org/projects/netlib/PortBanning.html .
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Thanks for the reference.  It should be noted thet I did exensive searches based on both the text in the page displayed when a site is block, and with various general terms (firefox, port, block, blocking, etc.) and could not find this resource page you provided.  I searched in every Firefox resource I could find and on google before coming here.  Perhaps there should be something easier to find on this subject.

Was it decided on purpose that management of this feature would not be included in the UI?  As a Technical Architect, I believe in the 'all or nothing' philosophy... if you can manage some security features, you should be able to manage all security features (through some interface at least); either through the UI or through the about:config.  Adding some items there but keeping some out seems arbitrary at times.

Just my 2cents.

Having the average user edit their 
(In reply to comment #2)
> Was it decided on purpose that management of this feature would not be included
> in the UI?  As a Technical Architect, I believe in the 'all or nothing'
> philosophy... if you can manage some security features, you should be able to
> manage all security features (through some interface at least); either through
> the UI or through the about:config.  Adding some items there but keeping some
> out seems arbitrary at times.
> 

Access to port 6000 is denied, because it's ridiculuous easy to launch a DOS-attack to a Unix or Linux workstation this way.

Firefox is all about a /simplified/ GUI. Mozilla Seamonkey was way to complicated for most people (way to many preferences for instance). That's why this feature can only be changed in about:config. bug 85601 wants a GUI for it, although IMHO this would allow people to make changes without realling the consequences.
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---

*** This bug has been marked as a duplicate of 85601 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.