diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml
index ff2e7863bf47..b9a7d170c174 100644
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -12444,6 +12444,13 @@
 value: true
 mirror: always
 
+# Disable requests to 0.0.0.0
+# See Bug 1889130
+- name: network.socket.ip_addr_any.disabled
+ type: RelaxedAtomicBool
+ value: @IS_EARLY_BETA_OR_EARLIER@
+ mirror: always
+
 # Set true to allow resolving proxy for localhost
 - name: network.proxy.allow_hijacking_localhost
 type: RelaxedAtomicBool
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index fe6109810ac8..92539f79e23a 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -241,6 +241,7 @@ static const char* gCallbackPrefsForSocketProcess[] = {
 "network.proxy.allow_hijacking_localhost",
 "network.connectivity-service.",
 "network.captive-portal-service.testMode",
+ "network.socket.ip_addr_any.disabled",
 nullptr,
 };
 
diff --git a/netwerk/base/nsSocketTransport2.cpp b/netwerk/base/nsSocketTransport2.cpp
index 89912169b211..d4c2b253e183 100644
--- a/netwerk/base/nsSocketTransport2.cpp
+++ b/netwerk/base/nsSocketTransport2.cpp
@@ -1241,6 +1241,15 @@ nsresult nsSocketTransport::InitiateSocket() {
 if (gIOService->IsNetTearingDown()) {
 return NS_ERROR_ABORT;
 }
+
+ // Since https://github.com/whatwg/fetch/pull/1763,
+ // we need to disable access to 0.0.0.0 for non-test purposes
+ if (StaticPrefs::network_socket_ip_addr_any_disabled() &&
+ mNetAddr.IsIPAddrAny() && !mProxyTransparentResolvesHost) {
+ SOCKET_LOG(("connection refused NS_ERROR_CONNECTION_REFUSED\n"));
+ return NS_ERROR_CONNECTION_REFUSED;
+ }
+
 if (gIOService->IsOffline()) {
 if (StaticPrefs::network_disable_localhost_when_offline() || !isLocal) {
 return NS_ERROR_OFFLINE;
diff --git a/netwerk/test/unit/trr_common.js b/netwerk/test/unit/trr_common.js
index d65157edeee2..fb026216d97f 100644
--- a/netwerk/test/unit/trr_common.js
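Review bot: The comment above `network.socket.ip_addr_any.disabled` describes the pref only as `Disable requests to 0.0.0.0`, while the test touched later in this patch also exercises `::`, and the default `@IS_EARLY_BETA_OR_EARLIER@` leaves the block off on late beta and release builds. Someone auditing the pref list for this mitigation would want both facts stated here. I would extend the comment to something like `# Refuse socket connections to the unspecified address (0.0.0.0; confirm whether :: is covered).` followed by `# Currently enabled on Nightly and early beta only. See Bug 1889130`.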
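Review bot: The refusal branch added to InitiateSocket() logs only `connection refused NS_ERROR_CONNECTION_REFUSED`, which reads like an ordinary peer refusal and gives no hint that the pref blocked the attempt; for triage I would name the cause, e.g. `SOCKET_LOG(("  blocked: unspecified address and network.socket.ip_addr_any.disabled is set\n"));`. The comment says the block is for "non-test purposes", yet the condition has no test-specific term and instead exempts `mProxyTransparentResolvesHost`; that carve-out deserves a line of its own, for example `// Skipped when the proxy resolves the host: mNetAddr is then presumably not the real destination (confirm).` Whether `IsIPAddrAny()` also matches `::` and other encodings of the unspecified address is not visible in this hunk and is worth confirming, since the pref text mentions 0.0.0.0 only. The function body starts and ends outside the hunk.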
+++ b/netwerk/test/unit/trr_common.js
@@ -1027,6 +1027,7 @@ async function test_ipv4_trr_fallback() {
 async function test_no_retry_without_doh() {
 info("Bug 1648147 - if the TRR returns 0.0.0.0 we should not retry with DNS");
 Services.prefs.setBoolPref("network.trr.fallback-on-zero-response", false);
+ Services.prefs.setBoolPref("network.socket.ip_addr_any.disabled", false);
 
 async function test(url, ip) {
 setModeAndURI(2, `doh?responseIP=${ip}`);
@@ -1073,6 +1074,8 @@ async function test_no_retry_without_doh() {
 await test(`http://unknown.ipv4.stuff:666/path`, "0.0.0.0");
 await test(`http://unknown.ipv6.stuff:666/path`, "::");
 }
+
+ Services.prefs.clearUserPref("network.socket.ip_addr_any.disabled");
 }
 
 async function test_connection_reuse_and_cycling() {
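Review bot: The pref is forced to `false` at the top of test_no_retry_without_doh() and restored only by the `clearUserPref` call that the second hunk adds at the end of the function, so a failed assertion or rejected await in between may leave the block disabled for the tests that follow. Registering the reset up front avoids that: `registerCleanupFunction(() => Services.prefs.clearUserPref("network.socket.ip_addr_any.disabled"));`. In the part of the patch visible here the only test change turns the new check off; a case that leaves the pref `true` and expects the request to 0.0.0.0 to fail with NS_ERROR_CONNECTION_REFUSED would cover the behaviour the commit introduces. Most of the function body lies between the two hunks and is not shown.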