Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > alt.os.linux > #80294

An 18-year-old browser exploit named The 0.0.0.0 Day Vulnerability leaves Linux laptops running Chromium & Firefox vulnerable

From Enrico Papaloma <enrico@papaloma.net>
Newsgroups alt.os.linux, alt.comp.software.firefox, alt.comp.os.windows-10
Subject An 18-year-old browser exploit named The 0.0.0.0 Day Vulnerability leaves Linux laptops running Chromium & Firefox vulnerable
Date 2024-08-08 17:33 -0700
Organization Gegeweb News Server
Message-ID <v93o5e$12pp$1@news.gegeweb.eu> (permalink)

Cross-posted to 3 groups.

Show all headers | View raw

An 18-year-old browser exploit leaves MacBooks and Linux laptops vulnerable
- but a fix is coming

On Wednesday, Microsoft updated the Microsoft Edge Security Updates page to
read:  "Microsoft is aware of the recent Chromium security fixes. We are
actively working on releasing a security fix."

https://www.laptopmag.com/laptops/an-18-year-old-browser-exploit-leaves-macbooks-and-linux-laptops-vulnerable-but-a-fix-is-coming

It affects Chromium, Firefox, and Safari on laptops running macOS and
Linux.

Sometimes, we've seen big companies take up to a few months to fix a
glaring bug, risk, or other issue within an OS or a browser, but usually,
issues are fixed within days or weeks. However, a vulnerability recently
brought up by Oligo Security has gone without a fix for much longer: 18
years.

It affects Chromium, Firefox, and Safari on laptops running macOS and
Linux.

This vulnerability - referred to by Oligo as the "0.0.0.0 Day"
vulnerability-allows for remote code execution via a local network through
a public website. And here's the scary part: it affects Chromium, Firefox,
and Safari on laptops running macOS and Linux.

Malicious websites can navigate through weak browser security, an issue
Oligo says "stems from the inconsistent implementation of security
mechanisms across different browsers, along with a lack of standardization
in the browser industry."

Oligo stumbled across a security issue reported to Mozilla in 2006 that's
still open today, unfixed, despite multiple major issues between then and
now. According to Oligo, "The bug report was closed, reopened, then
prioritized-and will now remain open until Firefox implements [Private
Network Access]."

Back to alt.os.linux | Previous | NextNext in thread | Find similar | Unroll thread

Thread

An 18-year-old browser exploit named The 0.0.0.0 Day Vulnerability leaves Linux laptops running Chromium & Firefox vulnerable Enrico Papaloma <enrico@papaloma.net> - 2024-08-08 17:33 -0700
  Re: An 18-year-old browser exploit named The 0.0.0.0 Day Vulnerability leaves Linux laptops running Chromium & Firefox vulnerable Jukka Lahtinen <jtfjdehf@hotmail.com.invalid> - 2024-08-10 00:12 +0300
    Re: An 18-year-old browser exploit named The 0.0.0.0 Day Vulnerability leaves Linux laptops running Chromium & Firefox vulnerable not@telling.you.invalid (Computer Nerd Kev) - 2024-08-12 08:41 +1000
      Re: An 18-year-old browser exploit named The 0.0.0.0 Day Vulnerability leaves Linux laptops running Chromium & Firefox vulnerable danmin@danminart-dot-com.no-spam.invalid (Danart) - 2024-08-29 10:57 +0000
  Re: An 18-year-old browser exploit named The 0.0.0.0 Day Vulnerability leaves Linux laptops running Chromium & Firefox vulnerable John McCue <jmccue@qball.jmcunx.com> - 2024-08-09 22:43 +0000

csiph-web