[Bug 280705] 0.0.0.0/32 is equivalent to 127.0.0.1/32, which may be considered a security flaw

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 09 Aug 2024 23:05:34 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280705

--- Comment #5 from Eirik Oeverby <ltning-freebsd@anduin.net> ---
(In reply to paul vixie from comment #4)
I don't think that's a concern any longer, is it?
The reason I'm even reporting this as a bug (and not simply leaving it to
browser vendors to fix since that's how this surfaced now) is how it completely
blindsides anyone who might come across it, and I would not be surprised if a
plethora of new attack vectors - having nothing to do with browsers - crop up
in the near future. 

I don't have a firm understanding of how bad it might be, but it might be worth
a security advisory. Then again, I might be seeing ghosts in broad daylight.

(Well, a ghost it is, I guess..)

-- 
You are receiving this mail because:
You are the assignee for the bug.