[tor-bugs] #10854 [Firefox Patch Issues]: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Feb 9 17:50:34 UTC 2014
#10854: Limit IPv4 addresses to dotted-decimal form (as per RFC3986)
----------------------------------+---------------------------
Reporter: oc | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------------------+---------------------------
[http://tools.ietf.org/html/rfc3986#section-3.2.2 RFC3986] specifies that
host IPv4 addresses must be in dotted-decimal format (xxx.xxx.xxx.xxx) in
a URI.
However, on certain platforms (Unices) Firefox also allows alternative
formats: octal, base 256, single long int… There is a longstanding
[https://bugzilla.mozilla.org/show_bug.cgi?id=67730 ticket] to change this
behavior, as alternate IP representations nowadays only serve for
malicious address obfuscation or filters bypassing.
The Tor browser should stick to the RFC in order to prevent such abuses
and present a uniform behavior across platforms.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10854>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list