ThereĪ) Get Zonealarm and others to report that the browser is listening only on the Local process can connect to the loopback interface?ġ) Wan-teh and I believe that this is not a serious security problem.Ģ) Personal firewall products will report that the browser is listening. Kai, could you verify by an experiment that only a The socket (f) that is bound to the "any" device "any" >device, which makes this socket reachable from anywhere. But there is a bug, one of the sockets is bound to the
#Zonealarm security alert not show code
>The original author of the code intended to make these sockets bind to the Process can connect to the loopback interface. Listening socket is bound to the loopback network No, the non-Unix implementation of PR_NewTCPSocketPairĬreates only one, not two, listening socket. >implement some functionality, to provide for "pollable events". >Mozilla's lower level libraries, NSPR, creates two listening sockets to >The bug does not apply to Linux and Unix, but to all other platforms including >I would like to agree with the reporter that this is an unacceptable security Wtc responds to kaie's assessment of the problem: Here are some e-mail threads on this very topic: