Localhost Detour from Public to Private Networks

This paper presents a new localhost browser based vulnerability and corresponding attack that opens the door to new attacks on private networks and local devices. We show that this new vulnerability may put hundreds of millions of internet users and their IoT devices at risk. Following the attack presentation, we suggest three new protection mechanisms to mitigate this vulnerability. This new attack bypasses recently suggested protection mechanisms designed to stop browser-based attacks on private devices and local applications [18, 20].