[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #10854 [Firefox Patch Issues]: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
#10854: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
----------------------------------+---------------------------
Reporter: oc | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------------------+---------------------------
[http://tools.ietf.org/html/rfc3986#section-3.2.2 RFC3986] specifies that
host IPv4 addresses must be in dotted-decimal format (xxx.xxx.xxx.xxx) in
a URI.
However, on certain platforms (Unices) Firefox also allows alternative
formats: octal, base 256, single long intâ There is a longstanding
[https://bugzilla.mozilla.org/show_bug.cgi?id=67730 ticket] to change this
behavior, as alternate IP representations nowadays only serve for
malicious address obfuscation or filters bypassing.
The Tor browser should stick to the RFC in order to prevent such abuses
and present a uniform behavior across platforms.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10854>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs