Windows Is The Only One Safe From An 18 Year Old Browser Vulnerability

The 0.0.0.0 Day Vulnerability Is Almost Old Enough To Drink, And Remains A Threat
The news from Bleeping Computer about the fact that there is a 18 year old browser vulnerability is rather depressing, though there is a tiny bit of amusement to be gleaned. It seems the 0.0.0.0 Day Vulnerability only applies to Apple and PCs running Linux, both of which are often lauded as being much more secure than Windows boxes. In this specific case the tables are turned and Microsoft’s OS is the only safe one. We can thank the lack of consistent security mechanisms across browsers as well as the lack of a standard way of handling the IP address 0.0.0.0.
Malicious websites gain access to services running on a local computer by sending an HTTP request to 0.0.0.0 and referencing that service. As most of us aren’t running such services on our machines, the browser vulnerability isn’t something to be overly worried about. However this vulnerability is perfect for targeting AI workloads on development machines and this is likely why we’ve seen a huge uptick in 0.0.0.0 attacks over the past couple of months.
Chrome, Firefox and Safari will all finally receive patches to resolve the issue, but if you happen to be running something which could be vulnerable to the attack you should check out the mitigations mentioned in the news post and secure yourself as best as possible. If a website does take advantage of this browser vulnerability, it can leverage it in a variety of ways, from arbitrary code execution, reverse shells, to configuration alterations.
A vulnerability disclosed 18 years ago, dubbed "0.0.0.0 Day", allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network.
More Tech News From Around The Web
- You can kick the alpha tires on System76’s Cosmic, a new Linux desktop @ Ars Technica
- We Bought 1347 Used Data Center SSDs to Look at SSD Endurance @ ServeTheHome
- Intel finally has a new GPU – for cars @ The Register
- Microsoft discloses Office zero-day, still working on a patch @ Bleeping Computer
- One startup’s plan to fix AI’s “shoplifting” problem @ Ars Technica
- Raspberry Has A New Pico, Built With The New RP2350 @ Hackaday
- Using 1Password on Mac? Patch up if you don’t want your Vaults raided @ The Register
- Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs @ Bleeping Computer
- macOS Sequoia Adds Weekly Permission Prompt For Screenshot and Screen Recording Apps @ Slashdot
- Home Security Giant ADT Says It Was Hacked @ Slashdot
- Devices with insecure SSH services are everywhere, say infosec duo @ The Register
- CISA warns of hackers abusing Cisco Smart Install feature @ Bleeping Computer
- It’s not worth paying to be removed from people-finder sites, study says @ Ars Technica
- Video Game Adaptation ‘Borderlands’ Hits Theaters With Rare 0% on Rotten Tomatoes @ Slashdot
- Netflix, Crunchyroll Impacted by Data Leak, With Full Episodes of Anime Titles Released @ Slashdot
- Warner Bros. Scrubs Cartoon Network Website, Erasing Years of History @ Gizmodo
- Low orbit satellites for phone service may cause more light pollution @ The Register
- WELOCK SECBNEBL51 Smart Fingerprint Door Lock Review @ NikKTech
Haven’t thought about 0.0.0.0 in a LONG while, but the question arises, the article doesn’t mention chrome OS. This can’t be a Chromebook vulnerability can it? I mean it IS Linux after all. One wonders
ALSO she can drink in Quebec
MONTREAL FO DA WIN!!!!!!!!!!!
Lol, I was going to point out she could drink in Hull/Gatineau. May the son of Saku bring us joy!