In short, in Firefox 112 it is possible to check the existence
of firewalled web servers. This doesn't work in Chrome and Chromium 112.
If user A has tcp connection to web server B, then in the
<iframe src="http://B" onload="load()" onerror="alert('error')" id="i1" />
valid document to A's browser and will not be executed otherwise.
This works for both http and https, and for http B is allowed
to be an IP address. Under some configurations of Apache2,
it serves http despite having https configured.
A potential privacy implication arises when the attacker guesses the
range of firewalled IPs and checks them all in a loop.
For online test:
Sent through the Full Disclosure mailing list
Web Archives & RSS: https://seclists.org/fulldisclosure/