0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

eqrlzo8t · September 20, 2024, 5:57am

DNS rebinding was indeed discussed a few years ago in uBO’s issue repo.

Btw, uBO has added ipaddress static network filter option which utilizes Firefox’ dns.resolve() and webRequest.onHeadersReceived.

Related commits:

https://github.com/gorhill/uBlock/commit/c6dedd253f
https://github.com/gorhill/uBlock/commit/030d7334e4
https://github.com/gorhill/uBlock/commit/6acf97bf51

Related filters:

https://github.com/uBlockOrigin/uAssets/blob/0b86acd1408e37f36c8b6b176f44c67c49796c0d/filters/privacy.txt#L1028
https://github.com/uBlockOrigin/uAssets/blob/0b86acd1408e37f36c8b6b176f44c67c49796c0d/filters/lan-block.txt#L107-L109

Some notes

The reason for additional webRequest.onHeadersReceived is because the IP result from extensions’ dns.resolve() (uBO, NoScript…) might be not the same as what browser would actually use at the end.

Some more reads at: Boosting Blind SSRF Attacks Using DNS Rebinding

The filters are available for Firefox and in dev build now. They could arrive when version 1.59.1+ is released.

Topic		Replies	Views
Arc Browser RCE Vulnerability (CVE-2024-45489) Off Topic	29	964	September 24, 2024
Chromium nightly is now blocking MV2 extensions Privacy	31	871	October 13, 2024
LibreWolf Browser - 2023 Revisit Tool Suggestions invalid	5	2493	August 2, 2023
uBlock Origin Lite maker ends Firefox store support Privacy software	15	1317	October 17, 2024
V2.27 Changelog discussion	0	724	October 15, 2022

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

Related Topics