[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #10854 [Firefox Patch Issues]: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)

Subject: [tor-bugs] #10854 [Firefox Patch Issues]: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 09 Feb 2014 17:50:34 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 09 Feb 2014 12:50:54 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10854: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
----------------------------------+---------------------------
 Reporter:  oc                    |          Owner:  mikeperry
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:
Component:  Firefox Patch Issues  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+---------------------------
 [http://tools.ietf.org/html/rfc3986#section-3.2.2 RFC3986] specifies that
 host IPv4 addresses must be in dotted-decimal format (xxx.xxx.xxx.xxx) in
 a URI.

 However, on certain platforms (Unices) Firefox also allows alternative
 formats: octal, base 256, single long intâ There is a longstanding
 [https://bugzilla.mozilla.org/show_bug.cgi?id=67730 ticket] to change this
 behavior, as alternate IP representations nowadays only serve for
 malicious address obfuscation or filters bypassing.

 The Tor browser should stick to the RFC in order to prevent such abuses
 and present a uniform behavior across platforms.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10854>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #10854 [Firefox Patch Issues]: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10854 [Firefox Patch Issues]: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10854 [Firefox Patch Issues]: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #10809 [BridgeDB]: reCAPTCHA on bridges.torproject.org are impossible to solve for humans
Next by Author: Re: [tor-bugs] #10854 [Firefox Patch Issues]: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
Previous by thread: Re: [tor-bugs] #4959 [Tor]: Discuss shipping and enabling tor-fw-helper by default
Next by thread: Re: [tor-bugs] #10854 [Firefox Patch Issues]: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
Index(es):
- Author
- Thread