About 0.0.0.0 Day and ZeroTest
+What is 0.0.0.0 Day?
+0.0.0.0 Day is a browser vulnerability that allows public Web sites (like this one) to make HTTP requests to services running on the local machine, even if they listen only on 127.0.0.1
(aka localhost
). It works because major browsers, while blocking HTTP requests directly to 127.0.0.1
, allow requests to 0.0.0.0
, which is also routed to the local host — achieving the same thing.
Doesn't the same-origin policy (SOP) block this?
+Partially. SOP will stop the public site from receiving the response content from requests to other origins, but does not stop it from sending such requests; it cannot, because the browser must send the request to be able to check for cross-origin resource sharing (CORS) headers.
+In some cases, simply sending a request, without receiving the response content, is sufficient for an arbitrary code execution attack against a service listening on 127.0.0.1
. At minumum, it allows for a port scan of the local machine. The latter method is what ZeroTest uses for testing.
Specifically, ZeroTest uses the fetch
API's no-cors
mode to check only whether the request succeeded without getting the response.
ZeroTest shows that I have ports open. What should I do?
+It would be a good idea to install uBlock Origin, a general-purpose content blocker which stops 0.0.0.0 Day and is available for most major browsers, or the special-purpose Stop PNA extension, currently only available for Firefox, which blocks only local IP addresses, including 0.0.0.0
. If you install either extension and run ZeroTest again, you should see zero ports open.
ZeroTest shows that I do not have any ports open. Am I safe?
+Probably. This means that your browser is not vulnerable, you have an extension blocking requests to 0.0.0.0
, or there are no ports open on your machine. In any of these cases, you are currently safe, and in the first two, there is no need for any fix. However, it is still a good idea to install one of the extensions mentioned above; if the reason ZeroTest shows no accessible ports is simply that there are presently none open, then you could still be vulnerable to an attack if some program on your computer opens a port in the future.
ZeroTest shows a port as having "Timed out." Is it open or closed?
+Your browser did not receive a valid response to ZeroTest's request to this port, or the response took more than a few seconds. Usually, this means the port is open, but the program listening on it is not responding or does not "speak" HTTP. Occasionally, severe lag can cause it to show on ports that are actually closed, so you may want to run the scan again to double-check. As a rule, however, timed-out ports are open, and this is how ZeroTest counts them in the summary of the result.
+Run the test
+ +ZeroTest may take several minutes to scan all ports. Your browser may be slow while the test is running.
+ + +