So if mozilla differentiated between a URL with 'post data' and one without we could type in a url with any port number no problem and if a post asked for one of the forbidden ports we would have to open it up in preffs.
Christian Biesinger wrote: > JTK wrote: > >> Chuck Esterbrook wrote: >> >>> "Access to the port number given has been disabled for security reasons" >> > >> The problem is that a malicious, invalid URL can be given to Mozilla, >> and Mozilla will pass it *unchecked* to lower levels. > > > > Huh? > The problem are not invalid URLs, they are _valid_ URLs; for example, in > POST Data. This could, would Mozilla not block these ports, for example > be used to send email from the user's IP by posting form data to a SMTP > Server. >
