Hello, a new exploit has been published for the bug I recently reported to Mozilla and Google.

Basically any old webpage can perform local network host discovery on you. To implement this I made a webpage which attempts to load images from addresses 192.168.1.x. If you watch in the browser console it’ll show either net::ERR_CONNECTION_REFUSED for a host that’s up or net::ERR_ADDRESS_UNREACHABLE for a host that doesn’t exist. This is a CORS error which the JavaScript on the webpage is not allowed to differentiate by catching. But one error takes 3 ms to happen and the other takes 3 seconds!
[...]
A related thing a webpage in your browser might do is connect to localhost and control any unauthenticated local services. Taviso used this to great effect here https://github.com/spesmilo/electrum/issues/3374

https://rain-1.github.io/in-browser-localhostdiscovery

And with this we are at 2 exploits that defeat corporate firewalls and proxies.
And I described others in the bug report!

And Mozilla stays silent. I am stunned.

Remember: "this is the Web functioning as designed"!


Giacomo
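
A defensive check for the behaviour described in the quoted passage, as an added example that is not part of the original message or of the linked page: it flags a page served from a public host that requests many distinct private or loopback addresses within a short window. The record shape, the thresholds and the sample hostnames are assumptions.

```javascript
// Added example (not from the original message). Assumed input: request
// records {initiator, url, t} as a proxy log or extension hook might export.
function isPrivateHost(host) {
  if (host === 'localhost') return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/.exec(host);
  if (!m) return false; // IPv6 literals and DNS names are not covered here
  const a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||          // RFC 1918 10/8, loopback
    (a === 172 && b >= 16 && b <= 31) ||   // RFC 1918 172.16/12
    (a === 192 && b === 168) ||            // RFC 1918 192.168/16
    (a === 169 && b === 254);              // link-local
}

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

// Returns initiators on public hosts that touched >= minHosts distinct
// private hosts inside any sliding window of windowMs milliseconds.
function findSweeps(records, { minHosts = 8, windowMs = 10000 } = {}) {
  const byInitiator = new Map();
  for (const r of records) {
    const src = hostOf(r.initiator), dst = hostOf(r.url);
    // Only public page -> private target is interesting; intranet pages
    // talking to intranet hosts are normal traffic.
    if (!src || !dst || isPrivateHost(src) || !isPrivateHost(dst)) continue;
    if (!byInitiator.has(src)) byInitiator.set(src, []);
    byInitiator.get(src).push({ t: r.t, dst });
  }
  const flagged = [];
  for (const [initiator, hits] of byInitiator) {
    hits.sort((x, y) => x.t - y.t);
    let start = 0, best = 0;
    for (let end = 0; end < hits.length; end++) {
      while (hits[end].t - hits[start].t > windowMs) start++;
      const seen = new Set(hits.slice(start, end + 1).map(h => h.dst));
      best = Math.max(best, seen.size);
    }
    if (best >= minHosts) flagged.push({ initiator, distinctPrivateHosts: best });
  }
  return flagged;
}

// Constructed sample records (hostnames and timings are made up).
const sample = [];
for (let i = 1; i <= 20; i++)
  sample.push({ initiator: 'https://scanner.example/', url: `http://192.168.1.${i}/x.png`, t: i * 50 });
sample.push({ initiator: 'https://news.example/', url: 'https://cdn.example/logo.png', t: 10 });
sample.push({ initiator: 'http://192.168.1.1/admin', url: 'http://192.168.1.2/logo.png', t: 20 });
sample.push({ initiator: 'https://setup.example/', url: 'http://127.0.0.1:8080/status', t: 30 });
```

With the default thresholds, `findSweeps(sample)` reports only `scanner.example`; the single request to 127.0.0.1 stays below `minHosts`, so an unauthenticated-localhost check would need `minHosts` set to 1.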