Quote
guenter
Zone Alarm wants it. Guess it is for plugins.
Did not check further - trusted application.
There is no big market share for walware producers that cater for K-Meleon anyway.
Guenter,
Thanks for the links. Traced it back to this interesting explanation.
Here is a recap of the history of why Gecko wants to have local server rights
from a guy named Nelson B:
http://groups.google.com/group/netscape.public.mozilla.general/browse_thread/thread/2c5be4a9830ec207/88cd0d6671240243
"When the decision was made back in 1998 to open the source to the Netscape browser, U.S. export control laws prohibited making crypto source code available from U.S. servers to non-US citizens. So, it was necessary to remove all the crypto code, and separate it into a separate program, whose source was not open. This program was first known as NSM, and later as PSM (psm.exe on windows). It worked with both Communicator 4.x and with Netscape 6.x. It acted somewhat like a local proxy server (for https only) and it so required server permissions. So, FAQs began to (correctly) explain that PSM needed server permissions, but that it only served requests from the local browser, and not requests from remote systems.
Then in mid-2000 the export regulations changed, and it became possible to get products with strong crypto identified as "retail commodities" by the US government. Once mozilla became so categorized, it became legally possible to open source the crypto code. Thereafter, there was no longer any legal/regulatory reason to keep the crypto code in a separate process from the mozilla browser process, and a project (code named PIP, for "PSM In Process") was begun to rewrite PSM to work as an integral part of mozilla, rather than as a separate process. This work was announced to mozilla developers at the mozilla architecture conference in October 2000 (see news://news.mozilla.org:119/39E24DED.30FA8...@netscape.com ) and more publicly on the mozilla web site in January 2001, when the project was renamed PSM 2.0 (see news://news.mozilla.org:119/3A705465.1080...@netscape.com and
http://www.mozilla.org/projects/security/pki/psm/ . Checkins of the new PSM code into the mozilla open source
repository began in January 2001. See
http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/manager/ss...
for the history of one such new PSM 2.0 / PIP source file. Notice the comments on revision 1.1.
Unlike PSM 1.x, PSM 2.x has never used server sockets to communicate with the mozilla browser. So, since PSM 2.0 was first released in mozilla, it has not been true that PSM code in mozilla needs server socket permissions, but certain third-parties and their web sites have continued to say that mozilla needs server permissions because of PSM, as it did in PSM 1.x.
However, mozilla has other software that continues to use server sockets. Like PSM 1.x, these sockets are only used to accept connections from client sockets running on the same system, not from remote systems. These so-called loopback connections allow mozilla to notice that certain events have taken place in the same way (using the same technique) that it uses to notice that data has arrived on a connection to a remote server, and hence are known as "pollable events". You can read more about them at
http://lxr.mozilla.org/nspr/source/nsprpub/pr/include/prio.h#1982
Mozilla uses them in its "socket transport service". I'm not sure what, if any, features of mozilla/TB/FF use that service, but the service is initialized (and the sockets created) during mozilla's initialization. As long as mozilla (and TB and FF) continue to use these pollable events, (and as long as they remain implemented using sockets and the loopback interface) they will continue to want to be permitted to act as a server for locally-initiated connections, even though PSM doesn't need it."
N