
Hosts file ignored on Windows with DNS over HTTP enabled in latest Firefox - eajr
I created a security bug on Mozilla&#x27;s BugBounty but I thought it would be good to inform HN users. Here is the copied text from the bug:<p>I use https:&#x2F;&#x2F;github.com&#x2F;StevenBlack&#x2F;hosts to add ads, malware, social media, etc to my hosts file in order to stop the pervasive tracking by adtech and social media companies. With the latest Firefox (stable) 74.0 and the default settings of DNS over HTTP thru cloudflare my hosts file is ignored. Even though facebook.com is supposed to route to 0.0.0.0 I am still able to resolve this in Firefox (but not via ping or any other hosts respecting software). This seems like a major issue and people should be aware of the risks of this default setting being enabled.<p>So basically Firefox now completely ignores your OS settings, and sets up a proxy by default.
======
zzo38computer
I think that it ought to be configurable. If you do not specify a DNS proxy in
Firefox, then the operating system's DNS should be used. If it does have its
own service activated (which it shouldn't; this should be a part of the
operating system instead and not part of Firefox), then it makes sense it
won't pay attention to the hosts file (although then they would have to add
their own implementation of such thing, perhaps with there own hosts file,
which might just be a symlink to the operating system hosts file if that is
what the user wants).

------
jeffal
I consider this logical behavior by Firefox.

