InformAction Forums

Posted: **Sat Nov 11, 2017 3:51 am**

Firefox 52.4.0 and SeaMonkey 2.49.1
NoScript 5.1.5rc2
new profile

On https://noscript.net/getit, or any other site that's not LOCAL, open Web Console and run this code -

Code: Select all

let i = document.createElement('iframe');i.setAttribute('src','https://0.0.0.0');document.body.appendChild(i);

Expected results: get an iframe that says "The connection was refused..."

Actual results: ABE blocks the iframe load -

Code: Select all

[ABE] < LOCAL> Deny on {GET https://0.0.0.0/ <<< https://0.0.0.0/, https://noscript.net/getit - 7}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

I'm almost positive ABE didn't used to treat 0.0.0.0 as LOCAL. Is this change a bug?

Posted: **Sat Nov 11, 2017 10:01 pm**

In networking 0.0.0.0 is often treated as the ultimate path, meaning in practice it reflects your actual path to the internet, so it can often trigger any LOCAL designation, although I am not sure how specifically it triggers ABE's implementation but thought I share that.

This is one way to look at it: 0.0.0.0 Is Not a Normal IP Address
Here is another way: Default route

Posted: **Sat Nov 11, 2017 11:46 pm**

GµårÐïåñ wrote:This is one way to look at it:

That link requires login and I don't have one. Can you please quote the relevant part?

Posted: **Sun Nov 12, 2017 12:42 am**

barbaz wrote:
GµårÐïåñ wrote:This is one way to look at it:
That link requires login and I don't have one. Can you please quote the relevant part?

My sincerest apologies, I was working on a mock up with the Mozilla team, I put the link to that instead of the article, I have corrected it. Damn you copy paste and not looking at the clipboard monitor

InformAction Forums

0.0.0.0 being treated as LOCAL

0.0.0.0 being treated as LOCAL

Re: 0.0.0.0 being treated as LOCAL

Re: 0.0.0.0 being treated as LOCAL

Re: 0.0.0.0 being treated as LOCAL