Home Hardware Tutorial Hardware News 0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

Aug 09, 2024 pm 12:42 PM
linux macos laptop security browser test Notebook review reviews tests reports netbook

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

An 18-year-old vulnerability, known as the "0.0.0.0 Day" flaw, has been disclosed to allow malicious websites to bypass security protocols in major web browsers, including Google Chrome, Mozilla Firefox, and Apple Safari. The flaw primarily affects Linux and macOSdevices, giving threat actors remote access, using which they can change settings, gain unauthorized access to sensitive information, and even achieve remote code execution. Despite being initially reported in 2008, the issue is still unresolved in these browsers, though developers have acknowledged the problem and are reportedly working towards a fix.

The "0.0.0.0 Day" vulnerability arises from inconsistent security mechanisms across different browsers and the lack of standardization that permits public websites to interact with local network services using the "wildcard" IP address 0.0.0.0. By leveraging this IP address, attackers can target local services. "0.0.0.0" is often interpreted as representing all IP addresses on a local machine.

Researchers at Oligo Security have observed multiple threat actors exploiting this flaw. Campaigns such as ShadowRay and Selenium attacks are actively targeting AI workloads and Selenium Grid servers. In response, web browser developers are starting to implement measures to block access to 0.0.0.0, with Google Chrome, Mozilla Firefox, and Apple Safari all planning updates to address the issue.

Until these fixes are fully implemented, Oligo recommends that developers adopt additional security measures, such as using PNA (Private Network Access) headers, verifying HOST headers, and employing HTTPS and CSRF (Cross-Site Request Forgery) tokens, to protect their applications.

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

The above is the detailed content of 0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Article Tags

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

How to update the latest version of Bybit Exchange? Will there be any impact if it is not updated? How to update the latest version of Bybit Exchange? Will there be any impact if it is not updated? Feb 21, 2025 pm 10:54 PM

How to update the latest version of Bybit Exchange? Will there be any impact if it is not updated?

deepseek web version entrance deepseek official website entrance deepseek web version entrance deepseek official website entrance Feb 19, 2025 pm 04:54 PM

deepseek web version entrance deepseek official website entrance

How to install deepseek How to install deepseek Feb 19, 2025 pm 05:48 PM

How to install deepseek

Huawei Watch GT 5 smartwatch gets update with new features Huawei Watch GT 5 smartwatch gets update with new features Oct 03, 2024 am 06:25 AM

Huawei Watch GT 5 smartwatch gets update with new features

Coinsuper exchange software channel official website entrance Coinsuper exchange software channel official website entrance Feb 21, 2025 pm 10:39 PM

Coinsuper exchange software channel official website entrance

BITGet official website installation (2025 beginner's guide) BITGet official website installation (2025 beginner's guide) Feb 21, 2025 pm 08:42 PM

BITGet official website installation (2025 beginner's guide)

Ouyi okx installation package is directly included Ouyi okx installation package is directly included Feb 21, 2025 pm 08:00 PM

Ouyi okx installation package is directly included

Get the gate.io installation package for free Get the gate.io installation package for free Feb 21, 2025 pm 08:21 PM

Get the gate.io installation package for free

See all articles