An 18-Year-Old Browser Bug is Finally Getting Fixed by Chrome, Firefox, and Safari

9 August 2024
This security issue allows remote code execution via a local network through public websites.

It’s not uncommon for major companies to take several months to address bugs or vulnerabilities in operating systems or browsers. However, a security flaw highlighted by Oligo Security has remained unresolved for an astonishing 18 years.

This vulnerability, dubbed the “0.0.0.0 Day” by Oligo, permits remote code execution via a local network through public websites. Alarmingly, it impacts Chromium, Firefox, and Safari on macOS and Linux systems. Malicious websites can exploit weak browser security due to inconsistent security mechanisms across different browsers and a lack of industry standardization.

Oligo uncovered this issue, which was initially reported to Mozilla in 2006 and has lingered without a resolution. Despite being significantly updated and prioritized several times over the years, the bug remains open. Oligo notes, “The bug report was closed, reopened, then prioritized—and will now remain open until Firefox implements [Private Network Access].”

Google has announced plans to mitigate this issue in Chrome, the world’s most popular browser. They intend to block access to the 0.0.0.0 IP address before the full rollout of Private Network Access. This update began with Chromium 128, released in beta on July 24, and is expected to be fully deployed by Chrome 133.

Apple has already made “breaking changes to WebKit that block access to 0.0.0.0,” as documented on GitHub.

Mozilla’s approach remains uncertain. Although they have updated the Fetch specification to block the IP address and prioritized the implementation of Private Network Access, it has not yet been fully implemented. A Mozilla spokesperson explained to PCMag, “Imposing tighter restrictions comes with a significant risk of introducing compatibility problems.” They added, “As the standards discussion and work to understand those compatibility risks is ongoing, Firefox has not implemented any of the proposed restrictions.”

Meanwhile, Microsoft updated its Edge Security Updates page, stating, “Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security fix.”

There is optimism that this critical vulnerability, affecting all major browsers, will be resolved in the coming months, if not weeks. The collaborative efforts of these tech giants are essential in ensuring the safety and security of users worldwide.
