David Illsley wrote:
> Gervase Markham wrote:
>
>> That blocking we did of certain ports (1080, etc.) to stop Mozilla
>> connecting to them is breaking people's sites. See several recent posts
>> in n.p.m.general and security.
>>
>> Can we revisit this issue?
>>
>> Gerv
>>
>
> Interestingly, something came up today on bugtraq about this. Apparently
> you can send smtp e-mail by pointing a form submission at
> http://smtp.mail.blah:25 and including the appropriate smtp commands.
>
> This is about all web browsers and not moz specific
>
> See http://www.remote.org/jochen/sec/hfpa/index.html
>
> Also on bugtraq in response to this issue, port blocking in moz can be
> circumvented by adding 65536 to the target port e.g. 21+65536 = 65557.
> (I haven't tested this myself)
I have (sort of) by doing http with 65536+80 which works fine. Port in
nsIURI is of type long (PRInt32), we do not limit ourself to 65536 ports.
Andreas
