Christian Biesinger wrote: > > JTK wrote: > > > Chuck Esterbrook wrote: > >>"Access to the port number given has been disabled for security reasons" > > > The problem is that a malicious, invalid URL can be given to Mozilla, > > and Mozilla will pass it *unchecked* to lower levels. > > Huh? > The problem are not invalid URLs, they are _valid_ URLs;
Nonono, they're *invalid* - they contain linefeeds etc which are specifically forbidden by whatever the official URL spec is. This was all gone over in excruciating detail and I'm sure all the sad details are Googleable. > for example, in > POST Data. ...yep, with a linefeed terminator. > This could, would Mozilla not block these ports, for > example be used to send email from the user's IP by posting form data to > a SMTP Server. > Yep, again, with the necessary, not-valid-in-an-URL linefeeds etc embedded in the URL. > -- > Greetings to Echelon and the NSA: > president usa attack world trade center afghanistan terrorist terrorism > bioterrorism anthrax white house pentagon car bomb Please stop this sub-juvenile BS. The remains of four thousand-some murdered civilians is something few other than yourself and Osama Bin Laden find humorous, and you're sadly mistaken if you think you're doing anything other than making an abhorrent ass of yourself.
