Andreas Otte wrote:
> David Illsley wrote:
>
>> Gervase Markham wrote:
>>
>>> That blocking we did of certain ports (1080, etc.) to stop Mozilla
>>> connecting to them is breaking people's sites. See several recent posts
>>> in n.p.m.general and security.
>>>
>>> Can we revisit this issue?
>>>
>>> Gerv
>>>
>>
>> Interestingly, something came up today on bugtraq about this.
>> Apparently you can send smtp e-mail by pointing a form submission at
>> http://smtp.mail.blah:25 and including the appropriate smtp commands.
>>
>> This is about all web browsers and not moz specific
>>
>> See http://www.remote.org/jochen/sec/hfpa/index.html
>>
>> Also on bugtraq in response to this issue, port blocking in moz can be
>> circumvented by adding 65536 to the target port e.g. 21+65536 = 65557.
>> (I haven't tested this myself)
>
>
> I have (sort of) by doing http with 65536+80 which works fine. Port in
> nsIURI is of type long (PRInt32), we do not limit ourself to 65536 ports.
>
> Andreas
>
http://bugzilla.mozilla.org/show_bug.cgi?id=95488
