Subj : 0.0.0.0 Day: Exploiting Localhost APIs From the Browser (Oligo Securit
To   : All
From : LWN.net
Date : Thu Aug 08 2024 18:30:04

0.0.0.0 Day: Exploiting Localhost APIs From the Browser (Oligo Security)

Date:
Thu, 08 Aug 2024 17:15:20 +0000

Description:
The Oligo Security blog discloses a web-browser vulnerability that has been 
named "0.0.0.0 day".  In short,
browsers will allow JavaScript code to open connections to the all-zeroes
IPv4 address; the result is that any port that is open on the local host
can be accessed by a remote site.  " When services use localhost, they
assume a constrained environment. This assumption, which can (as in the
case of this vulnerability) be faulty, results in insecure server
implementations. "

======================================================================
Link to news story:
https://lwn.net/Articles/984838/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.