Comment by nojvek
6 years ago
Yes, but blocking browser access to localhost from non localhost pages would stop the attack by simply visiting a webpage.
It’s as much the fault of browsers for leaving the hole as Zoom for doing a shady job exploiting it.
Very disappointed at Mozilla for their meh response.
They have a web server on your machine. If the browsers did that, they would find some other way to handle this since they have a server running on your computer.
I don't think the browser vendors are to blame here.