1. Open https://www.telehansa.net/cgi-bin/thnet?language=ENG 2. Just hit the "Enter with ID-Card" button. 3. The URL is https://www.telehansa.net:563/cgi-bin/thnet 4. In FF2b1 you'll get: This address is restricted This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection. No banking is possible. The Hansapank is the major bank in all 3 Baltic states (Estonia, Latvia, Lithuania) and started business in Russia.

The https://www.telehansa.net is made for business. For the private users they use this banking domain: https://www.hanza.net/cgi-bin/hanzanet?language=ENG and the ID-card link is https://www.hanza.net:563/cgi-bin/hanzanet

There is a hidden pref to override this security feature in about:config. network.security.ports.banned.override It can be set to one or more (comma separated) ports that should be allowed. *** This bug has been marked as a duplicate of 85601 ***

So, every user must change it by hand? In FF1.5 it works well without any modding. BTW I did not installed the FF 2.0 Beta 2 yet.

*** Bug 355259 has been marked as a duplicate of this bug. ***

Un-duping. The other bug asks for a generic UI to make setting this easier. The Estonian bank problem can be fixed in other ways e.g. backing out part of bug 301762. "Depends on" maybe. We can certainly point fingers of blame around (see RFCs that clearly say ports 256-1024 are reserved for standard services -- that means not websites), but if there are really that many users maybe that outweighs theoretical server attacks on the NNTP service.

Have we tried contacting this bank yet?

(In reply to comment #5) > Un-duping. The other bug asks for a generic UI to make setting this easier. The > Estonian bank problem can be fixed in other ways e.g. backing out part of bug > 301762. "Depends on" maybe. Such a UI could specify per site, much like the pop=up blocker and extension server whitelist. So the port would only be open on the banking site.

Unduping is fine, but we're still not going to block Firefox 2 on this bug. Adding relnote keyword, I suppose. Suggesting we also open a tech evangelism bug.

Actually it's not only Estonia, but Latvia and Lithuania also.

(In reply to comment #8) > Suggesting we also open a tech evangelism bug. Mike, was this ever done? I don't see one, and I agree that our primary strategy on this issue should be to convince the bank to stop using port 563.

Now the issue is gone for the bank. May we close it or should it be open for future problems?

Well, there's no need to open a TE bug any more, that's for sure :) It's not exactly clear to me what this bug is asking for at this point. Is the desire to have per-site security exception UI so that specific sites can use specific non-standard ports (basically comment 7)? If so, that seems a little silly to me. Why are these sites using non-standard ports for things they shouldn't be using them for? Wouldn't it be better to keep the about:config setting described in comment 2 and file TE bugs on the affected sites in an attempt to convince them that they're doing something wrong?

There's no need to morph this into a dup of bug 85601, either :)