Comment by ImPostingOnHN
9 hours ago
Or you visit a webpage that makes a request to an arbitrary server on an arbitrary port while not running a default-deny application firewall
9 hours ago
Or you visit a webpage that makes a request to an arbitrary server on an arbitrary port while not running a default-deny application firewall
I don't believe that opens a port to accept an incoming connection.
Even if it did, a web page making a request can't control the source port for the connection. They still couldn't make a local network service exposed to the Internet.
WebRTC and similar tools have existed for over a decade at this point and been abused horribly. Many common UPNP or similar daemons trust ANYTHING on the "trusted" side and will happily grant basically anything asked for because their vendors don't want customer support calls over whatever insane behavior some printer or IOT lightbulb is doing without the end user's knowledge.