A year-old security oversight has been addressed in basically all browsers — Chromium-based browsers, including Microsoft Edge and Google Chrome, WebKit browsers such as Apple's Safari and Mozilla's Firefox.
Saturday Security Stories: The 2006 0.0.0.0 Day Browser Vulnerability
It can—and reportedly has—been exploited by bad guys to gain access to software services they shouldn't have access to. It affects the aforementioned browsers on macOS and Linux – and possibly others – but at least not on Windows.
A company called Oligo Security flagged the vulnerability this month and named it a 0.0.0.0 day because it involves the 0.0.0.0 IPv4 address. And it seems that at least some attackers have been exploiting this flaw since at least the late 2000s – judging by this Mozilla Bugzilla thread from that era, which is still listed as open.
According to Oligo, each of the three browsers' teams has promised to block all access to 0.0.0.0 and also impose their own restrictions to close the localhost loophole.
