0.0.0.0 Day - 18 Yr Old Vulnerability Let Attackers Bypass All Browser Securitycybersecuritynews.comexternal-link Dnb ( @Dnb@lemmy.dbzer0.com ) TechnologyEnglish • 1 month ago message-square16fedilinkarrow-up176
arrow-up176external-link0.0.0.0 Day - 18 Yr Old Vulnerability Let Attackers Bypass All Browser Securitycybersecuritynews.com Dnb ( @Dnb@lemmy.dbzer0.com ) TechnologyEnglish • 1 month ago message-square16fedilink
minus-square Kissaki ( @Kissaki@beehaw.org ) linkfedilinkEnglish16•edit-21 month agonotably Windows is not impacted by this issue. quoting the main, critical part: Under public domain (.com), the browser sent the request to 0.0.0.0. The dummy server is listening on 127.0.0.1 (only on the loopback interface, not on all network interfaces). The server on localhost receives the request, processes it, and sends the response. The browser blocks the response content from propagating to Javascript due to CORS. This means public websites can access any open port on your host, without the ability to see the response.
notably
quoting the main, critical part: