Dag-Erling Smørgrav wrote:
Hang on a sec - localhost should be [::1], not [::], which is the
equivalent of 0.0.0.0.  My guess is a software bug.  Jails look a little
weird from the inside unless you use a fully virtualized network stack.
The proxy probably doesn't have sufficient error checking around
getpeername() or something like that.

Another intermediate URL-checker reports that the plugin in question
(CanvasBlocker) is requesting https://[::]/ directly.  If a bug, this is
the first I've seen of its kind.  If not, the question is what threat
profile [::]:443 might expose.  (Other than the obvious jail vector
which really should be fixed.  FreeBSD Foundation, where are you?)

Karl's reference to RFC 4291 indicates it is a protocol violation as
well.

The symptom has been reported to Mozilla.

Roger
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
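The distinction discussed in this thread, as an added example that is not part of the original messages: a check an intermediate URL filter could apply to separate the unspecified address ([::] or 0.0.0.0, which RFC 4291 does not allow as a destination) from loopback ([::1]). The function names and the sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of requested URLs, as a filtering proxy might log them.
SAMPLE_URLS = [
    "https://[::]/",
    "https://[::1]:8443/status",
    "http://0.0.0.0:8080/",
    "https://[::ffff:0.0.0.0]/",
    "https://example.org/",
    "https://[2001:db8::10]/",
]


def classify_destination(url):
    """Classify the host part of a URL.

    Returns 'unspecified', 'loopback', 'literal' (any other IP literal),
    'hostname' (a DNS name) or 'invalid' (no usable host).
    """
    try:
        host = urlsplit(url).hostname  # brackets around IPv6 are stripped
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    # An IPv4-mapped IPv6 literal is judged by the IPv4 address it carries,
    # so ::ffff:0.0.0.0 is treated the same as 0.0.0.0.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if addr.is_unspecified:
        return "unspecified"
    if addr.is_loopback:
        return "loopback"
    return "literal"


def requests_to_unspecified(urls):
    """Return the URLs whose destination is the unspecified address."""
    return [u for u in urls if classify_destination(u) == "unspecified"]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{classify_destination(url):12} {url}")
```
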