Ana samun sakin ci gaba na Firefox 101.0.1, sananne don ƙarfafa warewar akwatin sandbox akan dandalin Windows. Sabuwar sigar tana ba da damar, ta tsohuwa, toshe damar shiga API ɗin Win32k (Win32 GUI abubuwan da ke gudana a matakin kernel) daga keɓantattun hanyoyin sarrafa abun ciki. Canjin an yi shi ne gabanin gasar Pwn2Own 2022, wanda za a yi a ranar 18-20 ga Mayu. Mahalarta Pwn2Own za su nuna dabarun aiki don cin gajiyar raunin da ba a san su ba kuma, idan sun yi nasara, za su sami lada mai ban sha'awa. Misali, ƙimar keɓancewar akwatin sandbox a Firefox akan dandamalin Windows shine $ 100 dubu.
Sauran canje-canje sun haɗa da gyara wani batu tare da fassarar fassarar da ke nunawa a cikin hoto-in-hoto lokacin amfani da Netflix, da kuma gyara wani batu inda wasu umarni ba su samuwa a cikin hoton hoto.
Bugu da ƙari, an ba da rahoton cewa an ƙara sabbin buƙatu zuwa ƙa'idodin ajiya na takaddun shaida na Mozilla. Canje-canjen, waɗanda ke nufin magance wasu gazawar sokewar takardar shaidar uwar garken TLS da aka daɗe ana gani, za su fara aiki a ranar 1 ga Yuni.
Canjin farko ya shafi lissafin lambobin lambobin tare da dalilan soke takardar shedar (RFC 5280), wanda hukumomin takaddun shaida za a yanzu, a wasu lokuta, za a buƙaci su nuna a yayin da aka soke takardar shedar. A baya, wasu hukumomin ba da izini ba su aika irin waɗannan bayanan ba ko sanya su a hukumance, wanda ya sa ya yi wahala a gano dalilan soke takaddun sabar. Yanzu, daidai kammala lambobin dalilai a cikin jerin sokewar takardar shaidar (CRLs) zai zama wajibi kuma zai ba mu damar raba yanayi da suka danganci daidaita maɓalli da keta dokokin aiki tare da takaddun shaida daga shari'o'in da ba na tsaro ba, kamar canza bayanai game da ƙungiya, sayar da yanki, ko maye gurbin takaddun shaida gaba da jadawalin.
Canji na biyu ya wajabta hukumomin takaddun shaida don aika cikakkun URLs na lissafin soke takardar shedar (CRLs) zuwa tushen da matsakaicin bayanan takardar shedar (CCCADB, Babban Database Certificate na CA). Canjin zai ba da damar yin la'akari da duk takaddun shaida na TLS da aka soke, da kuma shigar da ƙarin cikakkun bayanai game da takaddun takaddun da aka soke zuwa Firefox, waɗanda za a iya amfani da su don tabbatarwa ba tare da aika buƙatu ga sabar hukumomin takaddun shaida ba yayin TLS. tsarin saitin haɗin haɗi.
source: budenet.ru