0.0.0.0 being treated as LOCAL

[barbaz]

Firefox 52.4.0 and SeaMonkey 2.49.1
NoScript 5.1.5rc2
new profile

On https://noscript.net/getit, or any other site that's not LOCAL, open Web Console and run this code -

Code: Select all

let i = document.createElement('iframe');i.setAttribute('src','https://0.0.0.0');document.body.appendChild(i);

Expected results: get an iframe that says "The connection was refused..."

Actual results: ABE blocks the iframe load -

Code: Select all

[ABE] < LOCAL> Deny on {GET https://0.0.0.0/ <<< https://0.0.0.0/, https://noscript.net/getit - 7}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

I'm almost positive ABE didn't used to treat 0.0.0.0 as LOCAL. Is this change a bug?

[GµårÐïåñ]

In networking 0.0.0.0 is often treated as the ultimate path, meaning in practice it reflects your actual path to the internet, so it can often trigger any LOCAL designation, although I am not sure how specifically it triggers ABE's implementation but thought I share that.

This is one way to look at it: 0.0.0.0 Is Not a Normal IP Address
Here is another way: Default route

[barbaz]

This is one way to look at it:

That link requires login and I don't have one. Can you please quote the relevant part?

[GµårÐïåñ]

This is one way to look at it:

That link requires login and I don't have one. Can you please quote the relevant part?

My sincerest apologies, I was working on a mock up with the Mozilla team, I put the link to that instead of the article, I have corrected it. Damn you copy paste and not looking at the clipboard monitor