Furious at Firefox
Oh. My. God. I can't even begin to describe how insanely stupid this is. I just went to open a site in Firefox (since it wasn't rendering in Konqueror quite right) and I get greeted by the most stupid error message I think I've ever seen:
"This address is restricted: This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection."
And to add insult to injury, there's a "Try again" button which will kindly display the same error message for you again.
I'm sorry, but since when does a web-browser know what ports are safe and what are not? This is utter rubbish, snake-oil security. There is no security benefit in blocking certain ports - that's a local site policy decision, not some safety panacea. Whoever thought of this needs to wake up and smell the coffee, you are not the security genius you think you are, moron.
To make matters worse, there is no existing configuration setting where you can disable this behaviour. In fact, you can't even disable it outright as far as I can see. What you can do though is add a new setting in the about:config page and define a list of ports you want to allow. Oh great, so we've got to nit-pick around for every port we come across. Or so it seems - it turns out that the setting also accepts port ranges. Ahh... now that makes things a bit easier, we can just allow every port in existence. Ok, so let's undo the braindamage that some mouth-breathing snotty nosed excuse of a mozilla developer (or a whole team of them) has done:
- Go to about:config in your Firefox browser.
- Right click somewhere, and choose "New => String"
- In the setting Name box type "network.security.ports.banned.override"
- In the Setting Value box, type "1-65535". Yep, that's all of 'em
- Click OK
Now that "Try Again" button is useful - bang it and see if your page loads properly.
The good news is that someone has already logged a bug against this "feature" calling for it to be removed or at least have an existing config option to control it. The bad news is that removing it altogether doesn't sound like a likely response, something about protecting intranets from internal probing - come on, that really isn't Firefox's problem. If people stop using firefox and go back to IE then the firefox team have actually made things less safe, if indirectly. Anyway, go and vent here: https://bugzilla.mozilla.org/show_bug.cgi?id=341636.