Kuburitswa kwekugadzirisa kweFirefox 101.0.1 kunowanikwa, kunokosha pakusimbisa kuparadzaniswa kwebhokisi rejecha paWindows platform. Iyo vhezheni nyowani inogonesa, nekusarudzika, kuvharira kupinda kune iyo Win32k API (Win32 GUI zvikamu zvinomhanya pa kernel level) kubva kune yakasarudzika yemukati maitiro. Shanduko iyi yakaitwa pamberi pemakwikwi ePwn2Own 2022, achaitika Chivabvu 18-20. Pwn2Own vatori vechikamu vacharatidza nzira dzekushanda dzekushandisa kusazvibata kwaimbozivikanwa uye, kana vakabudirira, vanowana mibairo inokatyamadza. Semuenzaniso, iyo premium yekupfuura sandbox yekuzviparadzanisa muFirefox paWindows platform i100 zviuru zvemadhora.
Dzimwe shanduko dzinosanganisira kugadzirisa nyaya ine ma subtitles anoratidza mumufananidzo-mu-pikicha modhi kana uchishandisa Netflix, uye kugadzirisa nyaya apo mimwe mirairo yanga isingawanikwe mumufananidzo-mu-pikicha hwindo.
Pamusoro pezvo, zvinoshumwa kuti zvitsva zvinodikanwa zvakawedzerwa kumitemo yekuchengetedza midzi yeMozilla. Shanduko idzi, idzo dzine chinangwa chekugadzirisa dzimwe dzakaonekwa kwenguva refu TLS server seti kutadza kudzoserwa, dzichatanga kushanda muna Chikumi 1.
Shanduko yekutanga ine chekuita nekuverengerwa kwemakodhi nezvikonzero zvekubvisirwa zvitupa (RFC 5280), izvo zviremera zvezvitupa zvino, mune dzimwe nguva, zvichadikanwa kuratidza kana chitupa chabviswa. Pakutanga, zvimwe zviremera zvezvitupa hazvina kuendesa data rakadaro kana kuripa zviri pamutemo, izvo zvakaita kuti zviome kutevedzera zvikonzero zvekubvisa zvitupa zveseva. Ikozvino, kupedzwa chaiko kwemakodhi ezvikonzero muzvinyorwa zvekubvisa zvitupa (CRLs) zvichave zvinosungirwa uye zvichatitendera kuparadzanisa mamiriro ane chekuita nekukanganisa makiyi uye kutyorwa kwemitemo yekushanda nezvitupa kubva kune zvisiri zvekuchengetedza, sekuchinja ruzivo nezve sangano, kutengesa dura, kana kutsiva chitupa pamberi pehurongwa.
Shanduko yechipiri inosungira zviremera zvechitupa kuendesa iwo akazara maURL ezvitupa zvekubvisa zvitupa (CRLs) kumudzi uye wepakati chitupa dhatabhesi (CCADB, Common CA Certificate Database). Shanduko iyi ichaita kuti zvikwanise kunyatso funga zvese zvakabviswa zvitupa zveTLS, pamwe nekutanga kurodha data rakazara nezve zvitupa zvakabviswa muFirefox, inogona kushandiswa kuoneswa pasina kutumira chikumbiro kumaseva ezviremera zvitupa panguva yeTLS. kubatanidza setup process.
Source: opennet.ru