Malicious URL ? https://[::]/
Martin Simmons
martin at lispworks.com
Thu Jan 25 11:19:17 UTC 2018
>>>>> On Wed, 24 Jan 2018 12:02:47 -0800 (PST), Roger Marquis said:
>
> Another intermediate URL-checker reports that the plugin in question
> (CanvasBlocker) is requesting https://[::]/ directly. If a bug this is
> the first I've seen of it's kind. If not the question is what threat
> profile [::]:443 might expose. (Other than the obvious jail vector
> which really should be fixed. FreeBSD Foundation where are you?)
Looks like expected behaviour for CanvasBlocker:
https://github.com/kkapsner/CanvasBlocker/issues/171
__Martin
More information about the freebsd-security
mailing list