Hektor+FF I found a bug that allows me to connect to a server that is defined in the exclusion list in Preferences => Network => Proxy without use the proxy (Hektor).

RESOLVED INVALID

Status

()

Firefox
Security
--
critical
RESOLVED INVALID
9 years ago
9 years ago

People

(Reporter: Aleksander Kurczyk, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.1.5) Gecko/20091109 Ubuntu/9.10 (karmic) Firefox/3.5.5
Build Identifier: Mac OS X 10.4.9 Tiger witch Hektor and Firefox

Hektor+FF I found a bug that allows me to connect to a server that is defined in the exclusion list in Preferences => Network => Proxy without use the proxy (Hektor).

Reproducible: Always

Steps to Reproduce:
*Open Preferences => Network => Proxy
*Add to exclusion list example.org
*Click OK
*Open example.org
Actual Results:  
I can open example.org without proxy (Hektor).

Expected Results:  
Do not allow me to visit example.org.

Hector is a local proxy server that should prevent me visiting certain websites and downloading some files via HTTP. Hector should not let me turn off the proxy in Preferences => Network => Proxy by exiting FF.
Yes, that's what the exclusion list is for, specifying hosts you don't want to go through the manual (voluntary) proxy.

If the proxy is a workplace requirement then it cannot be made voluntary and must be enforced on the network (there are lots of network security products tht will do this). You can't rely on the client machine to be set correctly if they are the ones you're trying to protect against.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.