this post was submitted on 31 Jan 2025
[–] [email protected] 5 points 1 week ago

Oligo Researchers have found that public websites (like domains ending in .com) are able to communicate with services running on the local network (localhost) and potentially execute arbitrary code on the visitor’s host by using the address 0.0.0.0 instead of localhost/127.0.0.1. 

Remediation In Progress: Browsers Will Soon Block 0.0.0.0

Following responsible disclosure, HTTP requests to 0.0.0.0 are now being added to security standards using a Request for Comment (RFC), and some browsers will soon block access to 0.0.0.0 completely. 0.0.0.0 will not be allowed as a target IP anymore in the Fetch specification, which defines how browsers should behave when doing HTTP requests.
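
Until browsers block 0.0.0.0 everywhere, a localhost-only service can defend itself by refusing any request whose Host header is not one of its expected loopback names. The sketch below is an added example, not part of the comment above or of Oligo's research; the port, the allow-lists and the function names `checkLocalRequest` and `guard` are assumptions made for illustration.

```javascript
// Added example (hypothetical names; not from the quoted research).
// PORT and both allow-lists are illustrative assumptions.
const PORT = 8080;

// Host header values a loopback-only service expects to be addressed by.
const ALLOWED_HOSTS = new Set([
  `localhost:${PORT}`,
  `127.0.0.1:${PORT}`,
  `[::1]:${PORT}`,
]);

// Origins permitted to script the service (its own UI only).
const ALLOWED_ORIGINS = new Set([
  `http://localhost:${PORT}`,
  `http://127.0.0.1:${PORT}`,
]);

// Returns { ok, reason } for a request's header map (lower-cased keys,
// as Node's http module provides them).
function checkLocalRequest(headers) {
  const host = String(headers.host || '').toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) {
    // Rejects 0.0.0.0:<port> as well as DNS names pointed at loopback.
    return { ok: false, reason: `unexpected Host: ${host || '(none)'}` };
  }
  const origin = headers.origin;
  if (origin !== undefined && !ALLOWED_ORIGINS.has(String(origin).toLowerCase())) {
    return { ok: false, reason: `foreign Origin: ${origin}` };
  }
  return { ok: true, reason: 'ok' };
}

// Wraps a (req, res) handler so rejected requests get 403 before any
// application code runs. Usable as http.createServer(guard(handler)).
function guard(handler) {
  return (req, res) => {
    const verdict = checkLocalRequest(req.headers);
    if (!verdict.ok) {
      res.statusCode = 403;
      res.end(verdict.reason + '\n');
      return;
    }
    handler(req, res);
  };
}
```

The Host check matters on its own because browsers do not attach an Origin header to every cross-site request, so a request addressed to 0.0.0.0 may arrive with nothing but its Host value to give it away.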