Mozilla port banning

In English, OSs and Apps, Security, Techie, ,

Using a specially crafted HTML page, an attacker can trick a browser displaying this HTML page into accessing SMTP, NNTP, POP3, IRC, or other servers, possibly behind a firewall.

Cert issued a
Vulnerability Note VU#476267
for a "Cross-Protocol" scripting attack, known as the HTML
Form Protocol Attack which allowed sending arbitrary data to most TCP ports.
A simple exploit of this hole allows an attacker to send forged unsigned mail through
a mail server behind your firewall: A really nasty hole.

I found the list of ports blocked by Mozilla here: http://www.mozilla.org/projects/netlib/PortBanning.html

Posted by jekil
June 2, 2008

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.

Comments

No comments yet.

Leave a comment

(required)

(required)


http://www.tanasi.it/kceojv.php