Another 0-day vulnerability fixed in Firefox 67.0.4 and 60.7.2

Following the release of Firefox 67.0.3 and 60.7.1, additional corrective releases 67.0.4 and 60.7.2 have been published. They eliminate a second 0-day vulnerability (CVE-2019-11708), which allows the sandbox isolation mechanism to be bypassed. The issue involves manipulating the Prompt:Open IPC call so that the non-sandboxed parent process opens web content chosen by the child process. Combined with another vulnerability, this issue makes it possible to bypass all levels of protection and execute code on the system.
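The trust-boundary failure described above, as an added example that is not Firefox's code or its actual patch: a toy parent-process handler shown first opening a child-supplied URI as-is, then restricting it to a fixed allowlist. Only the message name Prompt:Open comes from the article; the function names, message fields and URIs are assumptions constructed for illustration.

```javascript
"use strict";
// Toy model of a privileged parent handling messages from a sandboxed child.
// Only the message name "Prompt:Open" comes from the article; all function
// names, message fields and URIs here are hypothetical and constructed.

const ALLOWED_DIALOG_URIS = new Set([
  "chrome://example/content/commonDialog.html",
  "chrome://example/content/selectDialog.html",
]);

// Stand-in for the privileged "open a window" primitive; it only records calls.
function makeRecorder() {
  const opened = [];
  return { opened, open: (uri, args) => { opened.push(uri); return true; } };
}

// Weak form: the parent opens whatever URI the child put in the message.
function handleUnvetted(msg, win) {
  if (msg.name !== "Prompt:Open") return false;
  return win.open(msg.data.uri, msg.data.args);
}

// Hardened form: the URI must exactly match a fixed allowlist, and only
// string-valued arguments are copied across the process boundary.
function handleVetted(msg, win) {
  if (!msg || msg.name !== "Prompt:Open") return false;
  if (typeof msg.data !== "object" || msg.data === null) return false;
  const { uri, args } = msg.data;
  if (typeof uri !== "string" || !ALLOWED_DIALOG_URIS.has(uri)) return false;
  const safeArgs = {};
  const source = args && typeof args === "object" ? args : {};
  for (const [key, value] of Object.entries(source)) {
    if (typeof value === "string") safeArgs[key] = value;
  }
  return win.open(uri, safeArgs);
}

// Constructed sample messages: a legitimate prompt and one from a compromised child.
const SAMPLE_MESSAGES = [
  { name: "Prompt:Open", data: { uri: "chrome://example/content/commonDialog.html", args: { title: "Confirm" } } },
  { name: "Prompt:Open", data: { uri: "https://untrusted.example/page.html", args: {} } },
];

// Feed every sample message to a handler and report what the parent opened.
function runDemo(handler) {
  const win = makeRecorder();
  const results = SAMPLE_MESSAGES.map((m) => handler(m, win));
  return { results, opened: win.opened };
}

console.log(runDemo(handleUnvetted), runDemo(handleVetted));
```
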

Before they were fixed, the vulnerabilities addressed in the last two Firefox releases were used to stage an attack on employees of the cryptocurrency exchange Coinbase, and were also used to distribute malware for the macOS platform. Reportedly, a member of Google Project Zero sent information about the first vulnerability to Mozilla on April 15, and it was fixed on June 10 in the beta version of Firefox 68 (the attackers may have analyzed the published fix and prepared an exploit, using another vulnerability to bypass sandbox isolation).

source: budenet.ru
