Maarj 23, 2020, Mashruuca Tor waxa uu soo saaray cusboonaysiin Tor Browser oo loo beddelay nooca 9.0.7, kaas oo hagaajiya arrimaha amniga ee router-ka Tor oo si weyn u beddela hab-dhaqanka browserka marka uu dooranayo heerka dejinta ugu ammaansan (ugu ammaansan).
Heerka ugu ammaansan macnaheedu waa JavaScript waa naafo dhammaan goobaha. Si kastaba ha ahaatee, arrin ku jirta wax-ku-darka NoScript awgeed, xaddidan hadda waa laga gudbi karaa. Ka-hortag ahaan, horumarinta Tor Browser waxay ka dhigeen wax aan suurtagal ahayn in JavaScript uu shaqeeyo marka la dhigo heerka ugu sarreeya ee amniga.
Tani waxay jebin kartaa waayo-aragnimada Tor Browser ee dhammaan isticmaalayaasha leh qaabka ugu sarreeya ee amniga ee karti leh, maadaama aysan hadda suurtogal ahayn in JavaScript loo furo goobaha NoScript.
Haddii aad u baahan tahay inaad soo celiso habdhaqankii browserka hore, ugu yaraan si ku meel gaar ah, waxaad ku samayn kartaa gacanta, sida soo socota:
- Fur tab cusub
- Ku qor about:config ee ciwaanka ciwaanka oo tabo Gelida
- Barta raadinta ee ku hoos jirta ciwaanka ciwaanka gal: javascript.enabled
- Laba jeer ku dhufo xariiqa soo hadhay, goobta "Qiimaha" waa in ay ka beddeshaa been oo run
Isku xirka shabakada Tor ee ku dhex jira ayaa la cusboonaysiiyay nooca 0.4.2.7. Dhaliilaha soo socda ayaa lagu saxay nooca cusub:
- Cilad go'an (CVE-2020-10592) oo u ogolaatay qof kasta inuu ku qaado weerar DoS ah server-ka relay ama rootiga rootiga, taasoo keenaysa culeys badan oo CPU ah, ama weerar ka imaanaya server-yada tusaha laftooda (ma ahan kuwa xididka kaliya), taasoo keentay culeyska CPU isticmaalayaasha shabakadaha caadiga ah.
Culayska xad dhaafka ah ee CPU ayaa si cad loo isticmaali karaa in lagu bilaabo weerarrada wakhtiga, iyadoo gacan ka geysanaysa in magac la'aanta isticmaalayaasha ama adeegyada qarsoon. - Go'an CVE-2020-10593, kaas oo sababi kara daadinta xusuusta fog taasoo horseedi karta dib u isticmaalka silsilad duugowday
- Khaladaadka iyo khaladaadka kale
Source: linux.org.ru