Dnb@lemmy.dbzer0.com to Technology@beehaw.orgEnglish · 3 months ago0.0.0.0 Day - 18 Yr Old Vulnerability Let Attackers Bypass All Browser Securitycybersecuritynews.comexternal-linkmessage-square17fedilinkarrow-up176arrow-down10
arrow-up176arrow-down1external-link0.0.0.0 Day - 18 Yr Old Vulnerability Let Attackers Bypass All Browser Securitycybersecuritynews.comDnb@lemmy.dbzer0.com to Technology@beehaw.orgEnglish · 3 months agomessage-square17fedilink
minus-squaretyler@programming.devlinkfedilinkarrow-up26·3 months agoThe article literally doesn’t explain the vulnerability at all.
minus-squarefloofloof@lemmy.calinkfedilinkEnglisharrow-up26·edit-23 months agoIt keeps promising to, then goes off into more ChatGPT-style rambling. It’s a bad article. This one is more informative: https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
minus-squareKissaki@beehaw.orglinkfedilinkEnglisharrow-up15·edit-23 months agonotably Windows is not impacted by this issue. quoting the main, critical part: Under public domain (.com), the browser sent the request to 0.0.0.0. The dummy server is listening on 127.0.0.1 (only on the loopback interface, not on all network interfaces). The server on localhost receives the request, processes it, and sends the response. The browser blocks the response content from propagating to Javascript due to CORS. This means public websites can access any open port on your host, without the ability to see the response.
minus-squareThe Doctor@beehaw.orglinkfedilinkEnglisharrow-up7·3 months agoEverybody who could explain it well is at Hacker Summer Camp right now.
minus-squareunconfirmedsourcesDOTgov@lemmy.sdf.orglinkfedilinkarrow-up4·3 months agoI didn’t realize DEFCON was this weekend already, but this is a solid point 😂
minus-squarebiscuitswalrus@aussie.zonelinkfedilinkarrow-up7·3 months agoI ended up reading it on bleeping computer since the linked site looks like an auto tldr bot saved 50% of the words. The important 50% was discarded. https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/
The article literally doesn’t explain the vulnerability at all.
It keeps promising to, then goes off into more ChatGPT-style rambling. It’s a bad article. This one is more informative:
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
notably
quoting the main, critical part:
Everybody who could explain it well is at Hacker Summer Camp right now.
I didn’t realize DEFCON was this weekend already, but this is a solid point 😂
I ended up reading it on bleeping computer since the linked site looks like an auto tldr bot saved 50% of the words. The important 50% was discarded.
https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/