Closed Bug 480948 Opened 15 years ago Closed 15 years ago

Nebulous 'Security Reasons' message with no way to continue with request.

Categories

(Firefox :: General, defect)

x86
Linux
defect
Not set
normal

RESOLVED DUPLICATE of bug 85601

People

(Reporter: ryan, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121714 Remi/fc8 Firefox/3.0.5
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121714 Remi/fc8 Firefox/3.0.5

When you attempt to visit a web-page which is running on a port which Firefox deems to be 'reserved for other purposes', your request is halted and the rather nebulous 'Security Reasons' error message noted below is displayed. There is no option to continue with your request - in effect the browser is at this point getting in your way.

Reproducible: Always

Steps to Reproduce:
1. Visit the enclosed address.

Actual Results:
The following error message appears:

Port Restricted for Security Reasons

This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.

The requested address specified a port (e.g. "mozilla.org:80" for port 80 on mozilla.org) normally used for purposes other than Web browsing. The browser has canceled the request for your protection and security.

Expected Results:  
Ideally, continue with the request and if unsuccessful, fail with the usual 'Failed to connect' message. Especially since in this case the chance of any 'security risk' is so remote as to be laughable.
Simple rule: first read before starting to laugh.

http://www.mozilla.org/projects/netlib/PortBanning.html
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
In this instance, trying to legitimately access a website running on a port which Mozilla has blacklisted because of VU#476267 is certainly a laughable 'security' issue. G-Mail was used as an example here to replace a corporate intranet address which I did not have permission to publish. The fact that there is no *obvious* way to bypass this alleged protection without having to mess around in about:config is certainly a bug. We can allow exceptions for 'bad' (or self-signed) certificates relatively easily (albeit with more hoops to jump through than I would like) - why not in this case? And why has the ticket that this bug has been marked as a duplicate of been outstanding for years?
Bug 85601 is years old, but that doesn't matter at all for the duping because bug 85601 is still open. You have to search for such existing bugs before reporting new ones, but I hope you didn't find it in your search.

How, when and if this gets fixed are things that I cannot answer. It would help if you attach a patch to bug 85601, but I would ask the security group if they would accept such a patch before trying to create it.