search
HomeHardware TutorialHardware News0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

Aug 09, 2024 pm 12:42 PM
linuxmacoslaptopsecuritybrowsertestNotebookreviewreviewstestsreportsnetbook

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

An 18-year-old vulnerability, known as the "0.0.0.0 Day" flaw, has been disclosed to allow malicious websites to bypass security protocols in major web browsers, including Google Chrome, Mozilla Firefox, and Apple Safari. The flaw primarily affects Linux and macOSdevices, giving threat actors remote access, using which they can change settings, gain unauthorized access to sensitive information, and even achieve remote code execution. Despite being initially reported in 2008, the issue is still unresolved in these browsers, though developers have acknowledged the problem and are reportedly working towards a fix.

The "0.0.0.0 Day" vulnerability arises from inconsistent security mechanisms across different browsers and the lack of standardization that permits public websites to interact with local network services using the "wildcard" IP address 0.0.0.0. By leveraging this IP address, attackers can target local services. "0.0.0.0" is often interpreted as representing all IP addresses on a local machine.

Researchers at Oligo Security have observed multiple threat actors exploiting this flaw. Campaigns such as ShadowRay and Selenium attacks are actively targeting AI workloads and Selenium Grid servers. In response, web browser developers are starting to implement measures to block access to 0.0.0.0, with Google Chrome, Mozilla Firefox, and Apple Safari all planning updates to address the issue.

Until these fixes are fully implemented, Oligo recommends that developers adopt additional security measures, such as using PNA (Private Network Access) headers, verifying HOST headers, and employing HTTPS and CSRF (Cross-Site Request Forgery) tokens, to protect their applications.

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

The above is the detailed content of 0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Send Web Links That Jump to the Exact Text You MeanSend Web Links That Jump to the Exact Text You MeanApr 25, 2025 pm 09:01 PM

Sometimes when you share a webpage link with someone, you just want to bring their attention to a specific passage or sentence to make your point, rather than have them read through the entire article.In 2020, Google added a function to its Chrome br

Everything Rumored for the 2025 Apple Watch Series 11Everything Rumored for the 2025 Apple Watch Series 11Apr 25, 2025 am 09:59 AM

As we celebrate the 10th anniversary of the Apple Watch today, we thought we'd take a look at what Apple has in store for the next-generation version of the device that's coming this fall. The Apple Watch Series 11 doesn't sound like it's going to be

The best monitors for Xbox Series X in 2025The best monitors for Xbox Series X in 2025Apr 25, 2025 am 09:16 AM

Level up your Xbox experience with one of the best monitors for Xbox Series X. A dedicated gaming monitor can be a worthy alternative to one of the best gaming TVs, offering a sharper picture or high-end features like a blazing fast refresh rate or s

The best SSD for PS5 in 2025: top storage expansion options tested and rankedThe best SSD for PS5 in 2025: top storage expansion options tested and rankedApr 25, 2025 am 09:08 AM

The best SSD for PS5 is a must if you own lots of PS5 games. Many of the most popular titles on the platform now require more than 100GB of storage space, with some coming in even higher. On my personal PS5, I have more than 300GB taken up by just Ca

Shopping for a Nintendo Switch 2 on eBay? Beware of deals that aren't worth the paper they're printed on – and that's the pointShopping for a Nintendo Switch 2 on eBay? Beware of deals that aren't worth the paper they're printed on – and that's the pointApr 25, 2025 am 09:02 AM

Nintendo Switch 2 pre-orders have kicked off in the United StatesWe've spotted several eBay listings promising a Switch 2 pre-order, but they aren't what they seemInstead of a console, you'll get a photo of the Switch 2Nintendo Switch 2 pre-orders ar

Forget Fallout, this post-apocalyptic shooter is free right now to celebrate its 15th anniversaryForget Fallout, this post-apocalyptic shooter is free right now to celebrate its 15th anniversaryApr 24, 2025 am 10:47 AM

The latest PlayStation Store sale starts today, bringing loads of unmissable discounts on some of the very best PS5 games around.Titled 'Big Games, Big Deals', the sale ends on May 7, giving you just over two weeks to take advantage of the savings an

BioShock 4 - everything we know about the next BioShock gameBioShock 4 - everything we know about the next BioShock gameApr 24, 2025 am 10:21 AM

Despite having been announced over five years ago, we barely know anything about BioShock 4, and have next to nothing that's been officially confirmed. This is a shame given it's one of the most interesting and highly acclaimed gaming series of all t

Star Wars KOTOR remake - everything we know so farStar Wars KOTOR remake - everything we know so farApr 24, 2025 am 09:53 AM

Though there's not been much news directly about the game recently, work on the Star Wars: Knights of the Old Republic (KOTOR) remake is presumed to be ongoing. That said, since we've not seen any substantial updates since the brief teaser released i

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

Atom editor mac version download

Atom editor mac version download

The most popular open source editor

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.