Closed
Bug 250585
Opened 20 years ago
Closed 20 years ago
telnet:// URL handling could lead to a DoS attack
Categories
(Core Graveyard :: File Handling, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 167475
People
(Reporter: anthony.parsons, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.7) Gecko/20040627 Firefox/0.9.0+ (shill)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.7) Gecko/20040627 Firefox/0.9.0+ (shill)
In Win32, any reference to a telnet URL will cause a telnet console window to
open when it's activated. The problem is that *any* telnet URL in a webpage, not
just hyperlinks, can open these windows.
Reproducible: Always
Steps to Reproduce:
1. Create an HTML file with the following code:
<html>
<head>
<style> body { background: url(telnet://); } </style>
</head>
<body></body>
</html>
2. Open the HTML page in the browser.
Actual Results:
The CSS will attempt to load the background image for the <body> element. This
makes the browser try to load the URL, and because there is no internal handler
for it, it passes the URL to the OS causing a telnet.exe window to open.
Expected Results:
The telnet:// in the CSS should be treated as an invalid URL and ignored.
The HTML code above can easily be modified to open a lot of windows (<style> *
{...} </style>). If the telnet URL happens to be a valid remote URL, then each
window will also be opening connections to that site.
This will work as described in several different versions of Mozilla and
Firefox, including the current versions (1.7.1 and 0.9.2). FWIW, it does the
same in IE6 too.
The safest way to fix it would be to disable it completely like the "shell:"
patch, but some people might have legitimate uses for telnet. Maybe have it
enabled only for hyperlinks?
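The report's point is that a stylesheet `url()` reference is a subresource load, not a user-initiated navigation, so a scheme the browser cannot fetch itself should never reach an OS protocol handler from there. The following is an added example, not code from the bug report or from Mozilla: a small stylesheet audit that extracts every `url()` token, derives its scheme, and flags anything that is not fetchable by the renderer. The list of fetchable schemes (`http`, `https`, `data`, `blob`) is an assumption made for the example, as is the choice to rewrite a blocked token to `none`; CSS comments and backslash escapes inside `url()` are not handled here.

```javascript
// Added example (not part of the bug report): classify url() references in a
// stylesheet by scheme. The policy mirrors the fix the report asks for: a
// subresource load (CSS background, @import, <img> ...) may only use a scheme
// the renderer fetches itself; anything else would fall through to an external
// protocol handler, which is the path telnet:// took in the report.

// Assumed set of schemes a renderer can fetch without help from the OS.
const FETCHABLE_SCHEMES = new Set(["http", "https", "data", "blob"]);

// Matches url(foo), url('foo') and url("foo"). The backreference \1 forces the
// closing quote to match the opening one, or both to be absent.
const URL_TOKEN = /url\(\s*(['"]?)(.*?)\1\s*\)/gi;

// Returns the lower-case scheme of a URL string, or null for a relative URL
// (which inherits the document's scheme and is therefore fetchable).
function schemeOf(url) {
  const m = /^\s*([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(url);
  return m ? m[1].toLowerCase() : null;
}

function isFetchable(url) {
  const scheme = schemeOf(url);
  return scheme === null || FETCHABLE_SCHEMES.has(scheme);
}

// Scans stylesheet text and returns one record per url() token:
// { url, scheme, allowed }. allowed === false means loading this token as a
// subresource would escape to an external protocol handler.
function auditStylesheet(css) {
  const findings = [];
  for (const m of css.matchAll(URL_TOKEN)) {
    const url = m[2];
    findings.push({ url, scheme: schemeOf(url), allowed: isFetchable(url) });
  }
  return findings;
}

// Rewrites every disallowed url() token to the keyword `none`, leaving
// fetchable references untouched. This is a lint-level mitigation; the real
// fix belongs in the loader, which should refuse non-fetchable schemes for
// any load that is not a user-initiated navigation.
function sanitizeStylesheet(css) {
  return css.replace(URL_TOKEN, (token, _quote, url) =>
    isFetchable(url) ? token : "none"
  );
}

// Constructed inputs: the report's proof of concept and a mixed stylesheet.
const REPORT_POC = "body { background: url(telnet://); }";
const MIXED_CSS =
  '* { background: url("https://example.test/a.png") }\n' +
  "a { list-style-image: url('shell:windows') }\n" +
  "p { cursor: url(img/cur.cur) }";

for (const f of auditStylesheet(MIXED_CSS)) {
  console.log(`${f.allowed ? "ok     " : "BLOCKED"} scheme=${f.scheme} ${f.url}`);
}
console.log(sanitizeStylesheet(REPORT_POC));
```

Running the block against the report's proof of concept flags the single `telnet://` token and rewrites the rule to `background: none`; in the mixed sample only the `shell:` reference is blocked, while the `https:` and relative references pass.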
Comment 1•20 years ago
This may dup to bug 213280.
Comment 2•20 years ago
*** This bug has been marked as a duplicate of 213280 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•8 years ago
Product: Core → Core Graveyard
Updated•6 years ago
QA Contact: ian → Virtual