Mozilla VPN client audit results published

Mozilla has announced the completion of an independent audit of the client software used to connect to the Mozilla VPN service. The audit included analysis of the standalone client application, which is written using the Qt library and is available for Linux, macOS, Windows, Android and iOS. Mozilla VPN is powered by more than 400 servers of the Swedish VPN provider Mullvad, located in more than 30 countries. Connections to the VPN service are made using the WireGuard protocol.

The audit was carried out by Cure53, which has previously audited NTPsec, SecureDrop, Cryptocat, F-Droid and Dovecot. It covered verification of the source code and included tests to identify potential vulnerabilities (cryptography-related issues were not considered). During the audit, 16 security issues were identified: 8 were recommendations, 5 were assigned a low risk level, two were assigned a medium level, and one was assigned a high level.

However, only one issue of medium severity was classed as a vulnerability, because it was the only one that was exploitable. This issue leaked information about VPN usage in the captive portal detection code: direct, unencrypted HTTP requests were sent outside the VPN tunnel, exposing the primary IP address if the attacker can control the traffic. The problem is resolved by disabling captive portal detection mode in the settings.

The second medium-severity issue stems from the lack of proper sanitization of non-numeric values in the port number, which makes it possible to leak OAuth authentication parameters by replacing the port number with a string of the form "[email protected]"; this causes the tag <img src="...[email protected]/?code=..." alt=""> to be set, which accesses example.com instead of 127.0.0.1.
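The port check that blocks this kind of substitution, as an added example that is not code from Mozilla VPN or from the Cure53 report: the function names are hypothetical, and `1234@example.com` is a constructed sample of a non-numeric port value.

```javascript
// Added example. Function names are hypothetical; sample inputs are constructed.

// Accept only 1-5 ASCII digits in the range 1..65535; anything else is rejected.
function parsePort(value) {
  if (typeof value !== "string" || !/^[0-9]{1,5}$/.test(value)) return null;
  const port = Number(value);
  return port >= 1 && port <= 65535 ? port : null;
}

// Weak form: the port string is concatenated into the URL without checks.
function naiveCallbackUrl(port, code) {
  return `http://127.0.0.1:${port}/?code=${encodeURIComponent(code)}`;
}

// Hardened form: validate the port, build the URL, then confirm what the
// URL parser actually treats as the host and that no userinfo part exists.
function safeCallbackUrl(portValue, code) {
  const port = parsePort(portValue);
  if (port === null) throw new Error("invalid port");
  const url = new URL(`http://127.0.0.1:${port}/`);
  url.searchParams.set("code", code);
  if (url.hostname !== "127.0.0.1" || url.username !== "" || url.password !== "") {
    throw new Error("callback does not target loopback");
  }
  return url.href;
}

// Host that a WHATWG URL parser (browser or Node) resolves for a URL string.
function hostOf(urlString) {
  return new URL(urlString).hostname;
}

// With a non-numeric "port", everything before "@" is parsed as userinfo,
// so the request, including ?code=..., goes to the host after the "@".
const samplePort = "1234@example.com"; // constructed sample value
console.log(hostOf(naiveCallbackUrl(samplePort, "abc"))); // example.com
console.log(parsePort(samplePort));                       // null
console.log(safeCallbackUrl("8080", "abc"));
```

The post-construction host check is a second layer: it catches any parsing surprise even if the port validation is later loosened.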

The third issue, rated high risk, allows any local application, without authentication, to access the VPN client through a WebSocket bound to localhost. As an example, the report shows how, with the VPN client active, any site could arrange for a screenshot to be created and sent by generating a screen_capture event. The issue is not classed as a vulnerability, because the WebSocket was used only in internal test builds, and use of this communication channel was planned for the future to organize interaction with a browser add-on.

Source: opennet.ru
