N/A

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

N/A

N/A

Mozilla Firefox 安全漏洞

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 FireFox 存在安全漏洞，该漏洞源于使用基于HTTPS的DNS时，它会故意从响应中过滤RFC1918和相关的IP范围，因为这些来自DoH解析器是没有意义的。 但是，当通过IPv6映射IPv4地址时，这些地址被错误地允许通过，从而导致潜在的DNS重新绑定攻击。

N/A

N/A