Post Syndicated from corbet original https://lwn.net/Articles/984838/
The Oligo Security blog discloses
a web-browser vulnerability that has been named “0.0.0.0 day”. In short,
browsers will allow JavaScript code to open connections to the all-zeroes
IPv4 address; the result is that any port that is open on the local host
can be accessed by a remote site. “When services use localhost, they
assume a constrained environment. This assumption, which can (as in the
case of this vulnerability) be faulty, results in insecure server
implementations.”
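
As an added illustration (not code from the LWN item or the Oligo post), this is one way a local HTTP service can check each request itself instead of relying on the "constrained environment" assumption described above. The function names, the `x-local-token` header, port 8080 and the sample headers are assumptions made for the example.

```javascript
// Added example: request gate for an HTTP service meant to be loopback-only.
// checkLocalRequest, x-local-token and port 8080 are hypothetical names/values.
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Split "host[:port]" or "[v6][:port]"; returns null when malformed.
function parseHostHeader(value) {
  if (typeof value !== 'string') return null;
  const m = /^(\[[0-9a-fA-F:]+\]|[^:\s\/]+)(?::(\d{1,5}))?$/.exec(value.trim());
  return m ? { host: m[1].toLowerCase(), port: m[2] ? Number(m[2]) : null } : null;
}

// Compare two strings without returning at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || b.length === 0) return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  }
  return diff === 0;
}

// headers: lower-cased header map; cfg: { port, allowedOrigins, token }.
function checkLocalRequest(headers, cfg) {
  const h = parseHostHeader(headers.host);
  // A page that connected via 0.0.0.0 sends "Host: 0.0.0.0:<port>".
  if (!h || !LOOPBACK_HOSTS.has(h.host)) return { ok: false, reason: 'host' };
  if (h.port !== cfg.port) return { ok: false, reason: 'port' };
  // Browsers attach Origin to many cross-origin requests; allow only known UIs.
  if (headers.origin !== undefined && !cfg.allowedOrigins.includes(headers.origin)) {
    return { ok: false, reason: 'origin' };
  }
  // Reachability is not authentication: require a per-install secret as well.
  if (!constantTimeEqual(headers['x-local-token'], cfg.token)) {
    return { ok: false, reason: 'token' };
  }
  return { ok: true, reason: null };
}

// Constructed sample requests (not captured traffic).
const cfg = { port: 8080, allowedOrigins: ['http://localhost:8080'], token: 'constructed-secret' };
const samples = [
  { host: '0.0.0.0:8080', origin: 'https://remote.example' },
  { host: 'localhost:8080', origin: 'https://remote.example', 'x-local-token': cfg.token },
  { host: 'localhost:8080' },
  { host: '127.0.0.1:8080', 'x-local-token': cfg.token },
];
for (const s of samples) console.log(s.host, checkLocalRequest(s, cfg));
```

Only the last sample is accepted; the first three are refused for `host`, `origin` and `token` respectively.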