(NIH) Internal IP address exposure in Firefox and Chrome

UPDATE (29/05/2015): the attack is actually much older. Apparently it was discovered by Nathan Vander Wilt and coded on September 8th, 2013, or even a bit earlier.

Fascinating. All internal IP addresses are quickly and silently discovered. Works like a charm.

Annotated code and test page are available. Apparently this was made public late January 2015.

Now in use by cyber criminals.