Masu haɓaka Mozilla sun fito da sabbin nau'ikan masu binciken yanar gizo na Firefox 74.0.1 da Firefox ESR 68.6.1. An shawarci masu amfani da su sabunta burauzar su, saboda nau'ikan da aka bayar suna gyara lahani na kwana biyu wanda masu kutse ke amfani da su a aikace.
Muna magana ne game da raunin CVE-2020-6819 da CVE-2020-6820 masu alaƙa da yadda Firefox ke sarrafa sararin ƙwaƙwalwar ajiya. Waɗannan su ne abin da ake kira raunin amfani bayan-kyauta kuma suna ƙyale masu kutse su sanya code na sabani a cikin ƙwaƙwalwar Firefox don aiwatarwa a cikin mahallin mai binciken. Ana iya amfani da irin wannan lahanin don aiwatar da lamba daga nesa akan na'urorin da aka azabtar.
Ba a bayyana cikakkun bayanai game da ainihin hare-haren ta hanyar amfani da raunin da aka ambata ba, wanda al'ada ce ta gama gari tsakanin masu siyar da software da masu binciken tsaro na bayanai. Wannan shi ne saboda gaskiyar cewa dukkansu yawanci suna mai da hankali ne kan kawar da matsalolin da aka gano da sauri da kuma isar da gyare-gyare ga masu amfani, kuma bayan haka ne ake gudanar da cikakken bincike kan hare-hare.
Bisa ga bayanan da ake da su, Mozilla za ta binciki hare-haren ta hanyar amfani da wadannan raunin tare da kamfanin tsaro na JMP Security da kuma mai bincike Francisco Alonso, wanda ya fara gano matsalar. Mai binciken ya ba da shawarar cewa lahanin da aka gyara a cikin sabuwar sabuntawa ta Firefox na iya shafar sauran masu binciken, kodayake babu wasu sanannun lokuta inda masu satar bayanai suka yi amfani da kurakuran a cikin masu binciken gidan yanar gizo daban-daban.
source: 3dnews.ru