this post was submitted on 08 Aug 2024
20 points (95.5% liked)

Pulse of Truth


Thomas Brewster / Forbes: Researchers: hackers have used an 18-year-old flaw in how Safari, Chrome, and Firefox on macOS handle queries to a 0.0.0.0 IP address to breach private networks  —  Weaknesses in Chrome, Firefox and Safari gave hackers a route into internal networks, even those protected by firewalls, security researchers warn.

[email protected] 1 points 1 month ago (1 children)

Anything those of us on Linux should do in the meantime, or is this solely left up to which browser one uses?

[email protected] 2 points 1 month ago (1 children)

Reading the article from the researchers, it looks like these requests are specifically made using JavaScript, so maybe disable it? Maybe there’s a way to block JavaScript from making any requests of 0.0.0.0? Or start using a Chromium browser? It’s going to start rolling out as a trial beginning with version 128 and is expected to be shipping by version 133. There’s been an open bug report for this in Firefox since 2006, but there’s been a debate about whether it was really an issue or not, so it was closed and reopened several times, and it sounds like they might have to add support for a whole new protocol that’s only a proposal and not a W3C standard or even on the standards track. I’m guessing this might not be fixed in Firefox very quickly.

[email protected] 1 points 1 month ago

If I use a browser based on Firefox (like Waterfox, Librewolf, or Ghostery) would that browser need to wait for Mozilla to fix it and inherit their fix, or could they address it in their own version of Firefox?