0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox-Hardware News-php.cn

Home

Hardware Tutorial

Hardware News

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Aug 09, 2024 pm 12:42 PM

linuxmacoslaptopsecuritybrowsertestNotebookreviewreviewstestsreportsnetbook

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

An 18-year-old vulnerability, known as the "0.0.0.0 Day" flaw, has been disclosed to allow malicious websites to bypass security protocols in major web browsers, including Google Chrome, Mozilla Firefox, and Apple Safari. The flaw primarily affects Linux and macOSdevices, giving threat actors remote access, using which they can change settings, gain unauthorized access to sensitive information, and even achieve remote code execution. Despite being initially reported in 2008, the issue is still unresolved in these browsers, though developers have acknowledged the problem and are reportedly working towards a fix.

The "0.0.0.0 Day" vulnerability arises from inconsistent security mechanisms across different browsers and the lack of standardization that permits public websites to interact with local network services using the "wildcard" IP address 0.0.0.0. By leveraging this IP address, attackers can target local services. "0.0.0.0" is often interpreted as representing all IP addresses on a local machine.

Researchers at Oligo Security have observed multiple threat actors exploiting this flaw. Campaigns such as ShadowRay and Selenium attacks are actively targeting AI workloads and Selenium Grid servers. In response, web browser developers are starting to implement measures to block access to 0.0.0.0, with Google Chrome, Mozilla Firefox, and Apple Safari all planning updates to address the issue.

Until these fixes are fully implemented, Oligo recommends that developers adopt additional security measures, such as using PNA (Private Network Access) headers, verifying HOST headers, and employing HTTPS and CSRF (Cross-Site Request Forgery) tokens, to protect their applications.

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

The above is the detailed content of 0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Send Web Links That Jump to the Exact Text You MeanApr 25, 2025 pm 09:01 PM

Sometimes when you share a webpage link with someone, you just want to bring their attention to a specific passage or sentence to make your point, rather than have them read through the entire article.In 2020, Google added a function to its Chrome br

Everything Rumored for the 2025 Apple Watch Series 11Apr 25, 2025 am 09:59 AM

As we celebrate the 10th anniversary of the Apple Watch today, we thought we'd take a look at what Apple has in store for the next-generation version of the device that's coming this fall. The Apple Watch Series 11 doesn't sound like it's going to be

The best monitors for Xbox Series X in 2025Apr 25, 2025 am 09:16 AM

Level up your Xbox experience with one of the best monitors for Xbox Series X. A dedicated gaming monitor can be a worthy alternative to one of the best gaming TVs, offering a sharper picture or high-end features like a blazing fast refresh rate or s

The best SSD for PS5 in 2025: top storage expansion options tested and rankedApr 25, 2025 am 09:08 AM

The best SSD for PS5 is a must if you own lots of PS5 games. Many of the most popular titles on the platform now require more than 100GB of storage space, with some coming in even higher. On my personal PS5, I have more than 300GB taken up by just Ca

Shopping for a Nintendo Switch 2 on eBay? Beware of deals that aren't worth the paper they're printed on – and that's the pointApr 25, 2025 am 09:02 AM

Nintendo Switch 2 pre-orders have kicked off in the United StatesWe've spotted several eBay listings promising a Switch 2 pre-order, but they aren't what they seemInstead of a console, you'll get a photo of the Switch 2Nintendo Switch 2 pre-orders ar

Forget Fallout, this post-apocalyptic shooter is free right now to celebrate its 15th anniversaryApr 24, 2025 am 10:47 AM

The latest PlayStation Store sale starts today, bringing loads of unmissable discounts on some of the very best PS5 games around.Titled 'Big Games, Big Deals', the sale ends on May 7, giving you just over two weeks to take advantage of the savings an

BioShock 4 - everything we know about the next BioShock gameApr 24, 2025 am 10:21 AM

Despite having been announced over five years ago, we barely know anything about BioShock 4, and have next to nothing that's been officially confirmed. This is a shame given it's one of the most interesting and highly acclaimed gaming series of all t

Star Wars KOTOR remake - everything we know so farApr 24, 2025 am 09:53 AM

Though there's not been much news directly about the game recently, work on the Star Wars: Knights of the Old Republic (KOTOR) remake is presumed to be ongoing. That said, since we've not seen any substantial updates since the brief teaser released i

See all articles