A firm called Oligo Security flagged up the vulnerability this month and named it a 0.0.0.0 Day because it involves the 0.0.0.0 IPv4 address. It appears attackers have been abusing this flaw since at least the late 2000s.
The problem allows a malicious webpage to fire off requests to 0.0.0.0 and a port of its choosing, potentially granting access to local services running on the user's machine.
There are supposed to be security mechanisms in place, like Cross-Origin Resource Sharing (CORS), to prevent external websites from reaching localhost, but this flaw bypasses them.
It's quite a long shot in terms of practical exploitation, but the risk of unauthorized access to local services via a malicious webpage highlights a significant security concern.
[
Collection
]
[
|
...
]