Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accessing other services via TCP is not mentioned in threats #14

Open
alvestrand opened this issue Aug 21, 2020 · 1 comment
Open

Accessing other services via TCP is not mentioned in threats #14

alvestrand opened this issue Aug 21, 2020 · 1 comment

Comments

@alvestrand
Copy link

Example: Many organizations permit submitting mail from an user's PC unencrypted and unauthenticated.
This extension would allow any Web page or service to connect to port 25 of the mailserver and inject mail.
@ewilligers
Copy link
Collaborator

Instead of, or in addition to, showing the port number, the user agent can describe the well know use for the port, for example "mail" or "sending mail".

Web pages will only be able to connect to port 25 of the mailserver if the user enters the mail host name/address and consents.

Note also "User agents may restrict use of the API when enterprise software policies are in effect. For example, user agents might by default not allow use of this API unless the user has permission to install new binaries."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alvestrand @ewilligers