Date: Thu, 25 Jan 2018 11:08:52 GMT From: Martin Simmons <martin@lispworks.com> To: Roger Marquis <marquis@roble.com> Cc: des@des.no, freebsd-security@freebsd.org Subject: Re: Malicious URL ? https://[::]/ Message-ID: <201801251108.w0PB8q1f003471@higson.cam.lispworks.com> In-Reply-To: <nycvar.OFS.7.76.1801241128280.56643@mx.roble.com> (message from Roger Marquis on Wed, 24 Jan 2018 12:02:47 -0800 (PST)) References: <nycvar.OFS.7.76.1801220930100.41328@mx.roble.com> <86wp08fcil.fsf@desk.des.no> <86shawfccq.fsf@desk.des.no> <nycvar.OFS.7.76.1801241128280.56643@mx.roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Wed, 24 Jan 2018 12:02:47 -0800 (PST), Roger Marquis said: > > Another intermediate URL-checker reports that the plugin in question > (CanvasBlocker) is requesting https://[::]/ directly. If a bug this is > the first I've seen of it's kind. If not the question is what threat > profile [::]:443 might expose. (Other than the obvious jail vector > which really should be fixed. FreeBSD Foundation where are you?) Looks like expected behaviour for CanvasBlocker: https://github.com/kkapsner/CanvasBlocker/issues/171 __Martin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201801251108.w0PB8q1f003471>