Bug 115174

Summary: Mozilla bogus "security" blocks use of 3ware configuration tool
Product: Red Hat Enterprise Linux 3 Reporter: Alan Cox <alan>
Component: mozillaAssignee: Christopher Aillon <caillon>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 3.0CC: k.georgiou
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.4.3-3.0.2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-08-13 03:53:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alan Cox 2004-02-07 22:14:03 UTC 
Description of problem:

Badly broken "security" model means you cannot manage 3Ware disk
arrays with Mozilla. Mozilla refuses to do http on port 1080 despite
the fact people choose it as "port 80 + 1000". It does this for
automatic URL's - where I can see why it should *ASK* the user, but it
blocks without asking. Worse still it won't even allow it on the
command line.

How reproducible:
100%

Steps to Reproduce:
1. Install 3dm manager for 3ware cards (as supported by RHEL3)
2. Attempt to point web browser at port 1080
  
Actual results:
Erroneous refusal

Expected results:
Configuration interface

The following web browsers get this right

Internet Explorer, Lynx, Elinks, Konqueror, Dillo, and in fact every
other web browser I can lay my hands on (except Epiphany which has the
nasty mozilla disease)

Additional Info:

I think I'm going to move most of my web site to port 1080 solely for
your enjoyment <evil grin>
Comment 1 Christopher Blizzard 2004-02-07 22:19:32 UTC 
Not so bogus, no.

http://www.mozilla.org/projects/netlib/PortBanning.html
Comment 2 Alan Cox 2004-02-07 22:21:33 UTC 
And if you read the 2.5 year old bug that points to, you find it
agrees with me that there is a real problem and it should *ask*.

What is the official alternative RHEL3 approach for managing 3ware
disk arrays ?
Comment 3 Christopher Aillon 2004-04-01 22:50:18 UTC 
I convinced dougt and co. to unblock port 1080, with arguments from
myself and others that blocking this port doesn't yield any of the
advertised benefits.  Mozilla proper will have this fix for 1.7 final.
 It is a one line patch, and can be easily back ported if we need to
do so.  See
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2004-04-01+14%3A30%3A59&maxdate=2004-04-01+14%3A32%3A00&cvsroot=%2Fcvsroot
Comment 5 Christopher Aillon 2004-08-13 03:53:11 UTC 
Errata'd as mozilla-1.4.3-3.0.2