Firefox Blocks 0.0.0.0 IP Addresses: Tell Us What This Means To You!

smayya
Employee

In response to 0.0.0.0 day, Firefox Nightly version 131 has introduced a new security measure: blocking access to 0.0.0.0/::/::ffff:0.0.0.0 addresses.

This change is currently live for Nightly users and will be gradually rolled out to all release users in the near future.

Before we implement this change across all Firefox releases, we would like to hear from our community. Are there any specific use cases where you rely on null IP addresses for internal browsing or other workflows? Your feedback will help us better understand how this update might impact you.

For those who would like to test this feature in release builds (starting with Firefox 131), you can enable the preference:
network.socket.ip_addr_any.disabled

We appreciate your input and look forward to hearing your thoughts. Thank you for helping us make Firefox safer for everyone!

2 REPLIES

Jakob_Bohm
Making moves

The article about 0.0.0.0 day shows a deep level of incompetence. The inability of malicious websites to attack internal IP addresses (like 127.0.0.0/8) should not depend on the malicious websites or any other websites to willingly set any policy headers. It needs to be a hard rule that can be changed only via about:config and/or settings dialogs.

Whatever nonsense Google posted to WhatWG, the rules that independent browsers like Firefox should implement should be specific and explicit: Anything not on a LAN IP (RFC1918 etc.) should be blocked from accessing LAN IPs. Anything not on a localnet IP (fe80::/16, 169.254.0.0/16) should be blocked from accessing localnet IPs. Anything not on a localhost IP (127.0.0.0/8, 0.0.0.0/8, ::1) should be blocked from accessing localnet IPs. Each of these IETF-defined IP blocks should be considered part of the larger one for the purpose of these rules. Optionally, the actual netblock of the local network configurations should be automagically added to the localnet category if the OS allows unprivileged browser code to know this info. For config options, there should be options to turn off each of the 3 rules, and a 4th option to turn off import of local network blocks from OS network state.
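
The tiered rule set proposed in the reply above, together with the 0.0.0.0/::/::ffff:0.0.0.0 addresses from the original post, as an added Python example that is not part of the thread and is not Firefox's code. Assumptions: the third rule is read as protecting localhost targets, fc00::/7 stands in for the "etc." after RFC1918, the OS-imported netblocks are left out, and `tier_of` / `is_allowed` are hypothetical names.

```python
import ipaddress

# Tiers from least to most private; each inner block counts as part of
# the larger ones, so a localhost page may also reach localnet and LAN.
PUBLIC, LAN, LOCALNET, LOCALHOST = range(4)

_BLOCKS = [
    (LOCALHOST, ["127.0.0.0/8", "0.0.0.0/8", "::1/128", "::/128"]),
    # fe80::/10 is the RFC 4291 link-local block (superset of fe80::/16).
    (LOCALNET, ["169.254.0.0/16", "fe80::/10"]),
    # RFC 1918 plus IPv6 unique-local (assumption for the post's "etc.").
    (LAN, ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"]),
]
_NETS = [(t, ipaddress.ip_network(n)) for t, nets in _BLOCKS for n in nets]


def tier_of(addr: str) -> int:
    """Classify an address literal into PUBLIC/LAN/LOCALNET/LOCALHOST."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 so ::ffff:0.0.0.0 is judged as 0.0.0.0.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    for tier, net in _NETS:
        if ip.version == net.version and ip in net:
            return tier
    return PUBLIC


def is_allowed(initiator: str, target: str, disabled_rules=frozenset()) -> bool:
    """Refuse requests whose target is in a more private tier than the page.

    disabled_rules holds the target tiers whose rule the user switched off,
    mirroring the per-rule config options asked for in the post.
    """
    target_tier = tier_of(target)
    if target_tier == PUBLIC or target_tier in disabled_rules:
        return True
    return tier_of(initiator) >= target_tier


if __name__ == "__main__":
    # Constructed sample: (address the page was loaded from, request target).
    for page, dest in [("203.0.113.5", "0.0.0.0"), ("203.0.113.5", "::ffff:0.0.0.0"),
                       ("192.168.1.10", "127.0.0.1"), ("127.0.0.1", "0.0.0.0")]:
        verdict = "allow" if is_allowed(page, dest) else "block"
        print(f"{page:>14} -> {dest:<16} {verdict}")
```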