Gyaran sakewar Firefox 100.0.2, Firefox ESR 91.9.1 da Thunderbird 91.9.1 an buga su, suna gyara lahani biyu da aka ƙididdige su da mahimmanci. A gasar Pwn2Own 2022 da ke gudana kwanakin nan, an nuna cin gajiyar aiki wanda ya ba da damar keɓance keɓewar akwatin sand yayin buɗe shafi na musamman da aiwatar da lamba a cikin tsarin. An bai wa marubucin wannan almubazzaranci kyautar dala dubu 100.
Rashin lahani na farko (CVE-2022-1802) yana kasancewa a cikin aiwatar da mai aiki mai jiran aiki kuma yana ba da damar hanyoyin da ke cikin abubuwan Array su lalata su ta hanyar canza kayan samfuri ("ƙirar gurɓataccen samfur"). Rashin lahani na biyu (CVE-2022-1529) yana ba da damar canza kayan samfuri lokacin sarrafa bayanan da ba a tabbatar da su ba yayin zayyana abubuwan JavaScript. Rashin lahani yana ba da damar aiwatar da lambar JavaScript a cikin tsarin iyaye masu gata.
source: budenet.ru