lonerunners.net | www.lonerunners.net www.lonerunners.net lab.lonerunners.net lab.lonerunners.net

Mozilla port banning

In English, OSs and Apps, Security, Techie, ,

Using a specially crafted HTML page, an attacker can trick a browser displaying this HTML page into accessing SMTP, NNTP, POP3, IRC, or other servers, possibly behind a firewall.

Cert issued a
Vulnerability Note VU#476267
for a "Cross-Protocol" scripting attack, known as the HTML
Form Protocol Attack which allowed sending arbitrary data to most TCP ports.
A simple exploit of this hole allows an attacker to send forged unsigned mail through
a mail server behind your firewall: A really nasty hole.

I found the list of ports blocked by Mozilla here: http://www.mozilla.org/projects/netlib/PortBanning.html

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • BlinkList
  • De.lirio.us
  • description
  • Furl
  • Live
  • Ma.gnolia
  • Meneame
  • Reddit
  • Segnalo
  • Slashdot
  • Spurl
  • StumbleUpon
  • Technorati
  • Wikio IT
  • YahooMyWeb
Posted by jekil
June 2, 2008

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.

Comments

No comments yet.

Leave a comment

(required)

(required)