0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts macOS and Linux Devices

Aug 08, 2024Ravie LakshmananVulnerability / Browser Security

A new “0.0.0.0 Day” flaw has been found affecting major web browsers. Malicious websites can exploit it to breach local networks.

According to Oligo Security researcher Avi Lumelsky, this significant flaw “lays bare a fundamental weakness in how browsers manage network requests, potentially granting unauthorized entry to crucial services operating on local devices.”

The Israeli application security firm said the consequences of this vulnerability are far-reaching, and that it stems from the inconsistent implementation of security mechanisms and a lack of standardization across browsers.

This seemingly harmless IP address, 0.0.0.0, can be weaponized to exploit local services, opening the door to unauthorized entry and remote code execution by external attackers. This vulnerability has persisted since 2006.

0.0.0.0 Day affects Google Chrome/Chromium, Mozilla Firefox, and Apple Safari, enabling external websites to interact with software running locally on macOS and Linux. Windows devices are unaffected, as Microsoft blocks this IP address at the operating system level.

Specifically, Oligo Security uncovered that public websites with domain names ending in “.com” can communicate with services running on the local network and run arbitrary code on the visitor’s system by leveraging the 0.0.0.0 address instead of localhost/127.0.0.1.

The vulnerability is a bypass of Private Network Access (PNA), which is designed to prevent public websites from directly accessing endpoints within private networks.

Any application hosted on localhost that is reachable via 0.0.0.0 is prone to remote code execution, including local Selenium Grid instances, which can be exploited by sending a POST request to 0.0.0[.]0:4444 with a crafted payload.

Following the discovery in April 2024, web browsers are expected to block access to 0.0.0.0 entirely, ending direct access from public websites to private network endpoints.

“When services make use of localhost, they presume a restricted environment,” Lumelsky noted. “This presumption, which, as evidenced by this vulnerability, can be erroneous, leads to insecure server configurations.”

“By combining 0.0.0.0 with the ‘no-cors’ mode, attackers can leverage public domains to target services running on localhost and even achieve arbitrary code execution (RCE) with just a single HTTP request.”
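The point about localhost not being a trust boundary can be made concrete on the server side. The following is an added example, not code from the article or from Oligo Security: a request gate for a service meant to be used only from the local machine. Port 4444 comes from the Selenium Grid case above; the allowlist, the token and the sample requests are constructed assumptions.

```python
# Added example: request gate for a local-only HTTP service (hypothetical names).
import hmac
from urllib.parse import urlsplit

PORT = 4444  # Selenium Grid port named in the article
ALLOWED_HOSTS = {f"localhost:{PORT}", f"127.0.0.1:{PORT}", f"[::1]:{PORT}"}
API_TOKEN = "local-token"  # constructed placeholder, generated per install in practice


def check_request(method, headers):
    """Return (allowed, reason) for one request's method and header dict."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # 1. A page that reached the service through 0.0.0.0 sends that name in
    #    Host. Accept only the names a local client would legitimately use.
    host = h.get("host", "").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host not allowlisted: {host or '<missing>'}"

    # 2. Browsers send Origin on cross-origin POSTs (possibly "null"), also in
    #    'no-cors' mode. Anything other than this service itself is refused.
    origin = h.get("origin")
    if origin is not None and urlsplit(origin).netloc.lower() not in ALLOWED_HOSTS:
        return False, f"foreign origin: {origin}"

    # 3. Fetch Metadata, when present, labels requests issued by another site.
    if h.get("sec-fetch-site", "same-origin") not in ("same-origin", "none"):
        return False, "cross-site browser request"

    # 4. Being on loopback is not authentication: state-changing calls
    #    must carry the token.
    if method.upper() not in ("GET", "HEAD"):
        supplied = h.get("authorization", "").encode()
        if not hmac.compare_digest(supplied, f"Bearer {API_TOKEN}".encode()):
            return False, "missing or wrong credential"
    return True, "ok"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", {"Host": "0.0.0.0:4444", "Origin": "https://example.com"}),
    ("POST", {"Host": "localhost:4444", "Origin": "https://example.com"}),
    ("POST", {"Host": "127.0.0.1:4444", "Authorization": "Bearer local-token"}),
    ("GET", {"Host": "localhost:4444", "Sec-Fetch-Site": "none"}),
]

if __name__ == "__main__":
    for method, hdrs in SAMPLES:
        print(method, hdrs["Host"], "->", check_request(method, hdrs))
```

The Host check is the one that covers the 0.0.0.0 path specifically; the remaining checks cover pages that address the service by a loopback name.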
