Closed Atavic closed 5 years ago
network.connectivity-service prefs in FF 65:
pref("network.connectivity-service.DNSv4.domain", "mozilla.org"); pref("network.connectivity-service.DNSv6.domain", "mozilla.org"); pref("network.connectivity-service.enabled", true); pref("network.connectivity-service.IPv4.url", "http://detectportal.firefox.com/success.txt?ipv4"); pref("network.connectivity-service.IPv6.url", "http://detectportal.firefox.com/success.txt?ipv6");
...are a group of unneeded entries unless you use Sync account and maybe Push notifcations.
Windows NCSI is exactly the same as FF network.connectivity-service prefs, as both do:
A DNS query respectively to dns.msftncsi.com & mozilla.org
A HTTP query that gets a mere text, respectively Microsoft NCSI and success from:
Microsoft NCSI
success
http://www.msftncsi.com/ncsi.txt and http://detectportal.firefox.com/success.txt
http://www.msftncsi.com/ncsi.txt
http://detectportal.firefox.com/success.txt
These FF 65 entries go against the security principle of a reduced attack surface, as there's a DNS Hijack opportunity.
Great thanks for reporting back i'll take care of that ;)
network.connectivity-service prefs in FF 65:
...are a group of unneeded entries unless you use Sync account and maybe Push notifcations.
Windows NCSI is exactly the same as FF network.connectivity-service prefs, as both do:
A DNS query respectively to dns.msftncsi.com & mozilla.org
A HTTP query that gets a mere text, respectively
Microsoft NCSI
andsuccess
from:http://www.msftncsi.com/ncsi.txt
andhttp://detectportal.firefox.com/success.txt
These FF 65 entries go against the security principle of a reduced attack surface, as there's a DNS Hijack opportunity.