Vulnerability in LibJS allows code execution when opening a page in the Ladybird browser

A vulnerability (CVE-2025-47154) has been identified in the LibJS JavaScript engine used in the Ladybird web browser. It allows arbitrary code execution on the system when specially crafted JavaScript code is processed. The vulnerability is caused by the memory of the m_argument_values_buffer vector being freed while a pointer to it remained in the arguments_list structure, which led to access to a memory region that had already been released. A working exploit prototype is available.
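The bug class described above is a non-owning view that outlives the vector storage it points into. The sketch below is an added illustration, not Ladybird code and not part of the original article: it models the pattern with a generation counter so that a stale view is detected without touching freed memory. Apart from m_argument_values_buffer, every name is hypothetical, and the nested call used as the trigger is an assumption.

```cpp
// Simplified model constructed for illustration; not Ladybird source.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

using Value = std::uint64_t;

// Non-owning view, standing in for the arguments_list structure.
struct ArgumentsView {
    const Value* data;
    std::size_t size;
    std::uint64_t generation; // buffer generation the view was taken from
};

struct Interpreter {
    std::vector<Value> m_argument_values_buffer; // shared scratch buffer
    std::uint64_t generation = 0;                // bumped on every rewrite

    // Stage call arguments in the shared buffer and hand out a view into it.
    // assign() may reallocate, which frees the storage older views point at.
    ArgumentsView stage(const std::vector<Value>& args) {
        m_argument_values_buffer.assign(args.begin(), args.end());
        ++generation;
        return { m_argument_values_buffer.data(), m_argument_values_buffer.size(), generation };
    }
    bool is_live(const ArgumentsView& v) const { return v.generation == generation; }
};

// Risky pattern: the outer view is kept across a nested call (assumed trigger).
bool view_survives_nested_call(Interpreter& in) {
    ArgumentsView outer = in.stage({1, 2, 3});
    in.stage(std::vector<Value>(64, 0)); // nested call restages the buffer
    return in.is_live(outer);            // false: outer.data must not be read
}

// Safer pattern: take an owned copy while the view is still live.
Value sum_with_owned_copy(Interpreter& in) {
    ArgumentsView outer = in.stage({1, 2, 3});
    std::vector<Value> owned(outer.data, outer.data + outer.size);
    in.stage(std::vector<Value>(64, 0));
    Value sum = 0;
    for (Value v : owned) sum += v;
    return sum;
}

int main() {
    Interpreter a, b;
    std::cout << view_survives_nested_call(a) << ' ' << sum_with_owned_copy(b) << '\n';
}
```

A liveness check of this kind works as a debug assertion in engine code; building with AddressSanitizer while fuzzing surfaces the same condition as a heap-use-after-free report.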

The researcher who discovered the problem ran fuzzing tests against LibJS, which produced 10 crashes. Analysis of one of the crashes showed that the problem could be exploited through the processing of JavaScript code. The vulnerability made it possible to read from and write to arbitrary memory locations. Code execution in the exploit was arranged by replacing a function's return pointer. Using Return-Oriented Programming (ROP, in which the exploit is assembled from fragments of machine instructions that end with a return instruction), a chain was built that invokes the system call for executing a program in order to launch an external application.

The Ladybird browser is being developed by Andreas Kling, who previously worked at Nokia and developed KHTML, and who later, at Apple, was one of the developers of Safari. At its current stage of development Ladybird is in pre-alpha, suitable for use by developers only. The project was originally created as an application for the SerenityOS operating system, but last summer it was spun off into a separate project and received a donation of 1 million dollars. The browser is written in C++ (a decision has been made to move to Swift) and is distributed under the BSD license. The project develops its own LibWeb engine, the LibJS JavaScript interpreter and related libraries.

source: budenet.ru
