0.0.0.0 Day – 18-Year-Old Flaw Bypasses Browser Security

Threat actors frequently exploit browser flaws to gain unauthorized access and conduct various illicit activities. Recently, Oligo Security discovered a critical 18-year-old vulnerability, dubbed “0.0.0.0 day,” which bypasses all browser security measures.

All about the flaw

The “ow.night” vulnerability affects major browsers (Chromium, Firefox, Safari) on macOS and Linux, allowing external sites to interact with local software. This issue arises from inconsistent security implementations across browsers and a lack of industry standards.

This vulnerability lets malicious websites bypass browser security to interact with local network services, potentially enabling remote code execution and unauthorized access.

Attackers can use a benign 0.0.0.0 IP address to target local development services and internal networks. The urgency of this issue was highlighted by recent ShadowRay campaigns. Oligo researchers have informed major browser vendors, who have acknowledged the problem.

Standard modifications are underway, and browser-level mitigations to block 0.0.0.0 addresses are planned soon. However, due to the complexity and lack of a finalized standard, this vulnerability remains exploitable, allowing external websites to access localhost services.

This highlights the need for a unified browser industry standard to address this critical flaw and protect users from potential “0.0.0.0 Day” attacks. Initially, the issue arose from the Private Network Access (PNA) standard, which does not recognize 0.0.0.0 as a private IP address, enabling remote code execution by bypassing browser protections.

The deletion of restrictions allowed hackers to access local resources through public domains and bypass CORS protections, exploiting flaws in frameworks like Ray, Selenium Grid, and PyTorch TorchServe installed on localhost.

Researchers demonstrated unauthorized access and control of these local applications with a single HTTP request, highlighting the need for a standardized approach to secure local network access. Their responsible disclosure significantly contributed to fixing this vulnerability across various browsers, showcasing the importance of such practices in enhancing internet security.

Recommendations

Recommendations for Addressing the 0.0.0.0 Day Vulnerability:

1. Update all web browsers and local frameworks to their latest versions.
2. Apply browser-level mitigations to block or restrict 0.0.0.0 addresses.
3. Support the development of standardized security measures for local network access.
4. Regularly audit and monitor local network services for unauthorized access.
5. Educate users and developers about the vulnerability and protective measures.
6. Engage in responsible disclosure and report vulnerabilities to relevant parties.
7. Review and enhance security practices related to local network access.
8. Implement checks on HOST headers to guard against DNS rebinding attacks

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!