I hadn't come across this yet, but I would have eventually. This is
really stupid if you ask me. I hope they remove this and fix the actual
problem.
jon
Carlfish wrote:
> On Sun, 01 Jul 2001 03:31:03 GMT, William Herrera
> <[EMAIL PROTECTED]> somehow managed to type:
>
>>Why when using port 1080 as an alternative for http access does Mozilla 0.9.x
>>refuse to do the socket, saying:
>>
>>Access to the port number given has been disabled for security reasons.
>>
>
> Certain ports are inaccessable from Mozilla because of exploits involving
> a specially crafted URL redirection that could cause your browser to send
> arbitrary commands to certain types of server. 1080 is blocked because it
> is the default port for SOCKS proxy servers.
>
> IMHO, they went about this the wrong way - blocking ports is a band-aid
> fix, the correct response would be to prevent Mozilla from sending
> line-feeds to servers as part of a URL.
>
> There is a user pref that you can set to override this restriction, but
> there isn't any UI for it - you have to set it manually.
>
> http://bugzilla.mozilla.org/show_bug.cgi?id=85601
>
> ------- Additional Comments From Doug T 2001-06-15 13:10 -------
>
> There is a prefs that allows you to do this:
>
> network.security.ports.banned.override
>
> Just add all the ports you want "freed" comma delimited
>
> ----
>
> Charles Miller
>
