1. Forum
  2. tqwNet
  3. TQW LINUX

  • 0.0.0.0 Day: Exploiting Localhost APIs From the Browser (Oligo Securit

    From LWN.net@1337:1/100 to All on Thu Aug 8 18:30:04 2024
    0.0.0.0 Day: Exploiting Localhost APIs From the Browser (Oligo Security)

    Date:
    Thu, 08 Aug 2024 17:15:20 +0000

    Description:
    The Oligo Security blog discloses a web-browser vulnerability that has been named "0.0.0.0 day". In short,
    browsers will allow JavaScript code to open connections to the all-zeroes
    IPv4 address; the result is that any port that is open on the local host
    can be accessed by a remote site. " When services use localhost, they
    assume a constrained environment. This assumption, which can (as in the
    case of this vulnerability) be faulty, results in insecure server implementations. "

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/984838/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)