Home Hardware Tutorial Hardware News 0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

Aug 09, 2024 pm 12:42 PM
linux macos laptop security browser test Notebook review reviews tests reports netbook

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

An 18-year-old vulnerability, known as the "0.0.0.0 Day" flaw, has been disclosed to allow malicious websites to bypass security protocols in major web browsers, including Google Chrome, Mozilla Firefox, and Apple Safari. The flaw primarily affects Linux and macOSdevices, giving threat actors remote access, using which they can change settings, gain unauthorized access to sensitive information, and even achieve remote code execution. Despite being initially reported in 2008, the issue is still unresolved in these browsers, though developers have acknowledged the problem and are reportedly working towards a fix.

The "0.0.0.0 Day" vulnerability arises from inconsistent security mechanisms across different browsers and the lack of standardization that permits public websites to interact with local network services using the "wildcard" IP address 0.0.0.0. By leveraging this IP address, attackers can target local services. "0.0.0.0" is often interpreted as representing all IP addresses on a local machine.

Researchers at Oligo Security have observed multiple threat actors exploiting this flaw. Campaigns such as ShadowRay and Selenium attacks are actively targeting AI workloads and Selenium Grid servers. In response, web browser developers are starting to implement measures to block access to 0.0.0.0, with Google Chrome, Mozilla Firefox, and Apple Safari all planning updates to address the issue.

Until these fixes are fully implemented, Oligo recommends that developers adopt additional security measures, such as using PNA (Private Network Access) headers, verifying HOST headers, and employing HTTPS and CSRF (Cross-Site Request Forgery) tokens, to protect their applications.

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

The above is the detailed content of 0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

What computer configuration is required for vscode What computer configuration is required for vscode Apr 15, 2025 pm 09:48 PM

VS Code system requirements: Operating system: Windows 10 and above, macOS 10.12 and above, Linux distribution processor: minimum 1.6 GHz, recommended 2.0 GHz and above memory: minimum 512 MB, recommended 4 GB and above storage space: minimum 250 MB, recommended 1 GB and above other requirements: stable network connection, Xorg/Wayland (Linux)

How to run java code in notepad How to run java code in notepad Apr 16, 2025 pm 07:39 PM

Although Notepad cannot run Java code directly, it can be achieved by using other tools: using the command line compiler (javac) to generate a bytecode file (filename.class). Use the Java interpreter (java) to interpret bytecode, execute the code, and output the result.

Linux Architecture: Unveiling the 5 Basic Components Linux Architecture: Unveiling the 5 Basic Components Apr 20, 2025 am 12:04 AM

The five basic components of the Linux system are: 1. Kernel, 2. System library, 3. System utilities, 4. Graphical user interface, 5. Applications. The kernel manages hardware resources, the system library provides precompiled functions, system utilities are used for system management, the GUI provides visual interaction, and applications use these components to implement functions.

How to use VSCode How to use VSCode Apr 15, 2025 pm 11:21 PM

Visual Studio Code (VSCode) is a cross-platform, open source and free code editor developed by Microsoft. It is known for its lightweight, scalability and support for a wide range of programming languages. To install VSCode, please visit the official website to download and run the installer. When using VSCode, you can create new projects, edit code, debug code, navigate projects, expand VSCode, and manage settings. VSCode is available for Windows, macOS, and Linux, supports multiple programming languages ​​and provides various extensions through Marketplace. Its advantages include lightweight, scalability, extensive language support, rich features and version

How to check the warehouse address of git How to check the warehouse address of git Apr 17, 2025 pm 01:54 PM

To view the Git repository address, perform the following steps: 1. Open the command line and navigate to the repository directory; 2. Run the "git remote -v" command; 3. View the repository name in the output and its corresponding address.

What is the main purpose of Linux? What is the main purpose of Linux? Apr 16, 2025 am 12:19 AM

The main uses of Linux include: 1. Server operating system, 2. Embedded system, 3. Desktop operating system, 4. Development and testing environment. Linux excels in these areas, providing stability, security and efficient development tools.

laravel installation code laravel installation code Apr 18, 2025 pm 12:30 PM

To install Laravel, follow these steps in sequence: Install Composer (for macOS/Linux and Windows) Install Laravel Installer Create a new project Start Service Access Application (URL: http://127.0.0.1:8000) Set up the database connection (if required)

vscode terminal usage tutorial vscode terminal usage tutorial Apr 15, 2025 pm 10:09 PM

vscode built-in terminal is a development tool that allows running commands and scripts within the editor to simplify the development process. How to use vscode terminal: Open the terminal with the shortcut key (Ctrl/Cmd). Enter a command or run the script. Use hotkeys (such as Ctrl L to clear the terminal). Change the working directory (such as the cd command). Advanced features include debug mode, automatic code snippet completion, and interactive command history.

See all articles