Firefox 101.0.1 update. Strengthening of Mozilla's requirements for certificate authorities

The maintenance release Firefox 101.0.1 is available, notable for strengthened sandbox isolation on the Windows platform. By default, the new version blocks access to the Win32k API (Win32 GUI components that run at kernel level) from isolated content processes. The change was made ahead of the Pwn2Own 2022 competition, which will take place on May 18-20. Pwn2Own participants will demonstrate working techniques for exploiting previously unknown vulnerabilities and, if successful, will receive a substantial reward. For example, the premium for bypassing sandbox isolation in Firefox on the Windows platform is 100 thousand dollars.

Other changes include a fix for an issue with subtitles displayed in picture-in-picture mode when using Netflix, and a fix for an issue where some commands were unavailable in the picture-in-picture window.

In addition, it is reported that new requirements have been added to the rules of Mozilla's root certificate store. The changes, aimed at fixing some long-observed shortcomings in TLS server certificate revocation, will take effect on June 1.

The first change concerns the recording of codes with the reasons for certificate revocation (RFC 5280), which certificate authorities will, in certain cases, indicate when a certificate is revoked. Previously, some certificate authorities did not transmit such data or supplied it only formally, which made it difficult to track the reasons for revoking server certificates. Now, correctly filling in the reason codes in certificate revocation lists (CRLs) will be mandatory and will make it possible to separate cases related to key compromise and violations of the rules for working with certificates from non-security cases, such as a change in information about the organization, the sale of a domain, or replacement of a certificate ahead of schedule.
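As an added illustration that is not part of the original article, here is a minimal Python reader for the reason code extension (RFC 5280) of a single CRL entry, run over constructed sample entries. The split into "security" and "routine" reasons is an assumption that mirrors the two groups of cases described above, and `classify`, `der` and `sample_entry` are hypothetical helper names.

```python
REASONS = {0: "unspecified", 1: "keyCompromise", 2: "cACompromise", 3: "affiliationChanged",
           4: "superseded", 5: "cessationOfOperation", 6: "certificateHold",
           8: "removeFromCRL", 9: "privilegeWithdrawn", 10: "aACompromise"}
REASON_OID = bytes.fromhex("551d15")          # 2.5.29.21, id-ce-cRLReasons
# Assumption: this grouping mirrors the article's two kinds of revocation.
SECURITY = {"keyCompromise", "cACompromise", "privilegeWithdrawn"}

def tlv(buf, pos=0):
    """Decode one DER element: return (tag, value, offset of the next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                          # content of a SEQUENCE -> [(tag, value)]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def entry_reason(entry_der):
    """Return (serial, reason name or None) for one revokedCertificates entry."""
    fields = children(tlv(entry_der)[1])      # serial, revocationDate, [extensions]
    serial, reason = int.from_bytes(fields[0][1], "big"), None
    for tag, exts in fields[2:]:
        for _, ext in (children(exts) if tag == 0x30 else []):
            parts = children(ext)             # OID, [critical], extnValue
            if parts[0][1] == REASON_OID:
                code = tlv(parts[-1][1])[1][0]  # OCTET STRING wraps an ENUMERATED
                reason = REASONS.get(code, f"unknown({code})")
    return serial, reason

def classify(entry_der):
    serial, reason = entry_reason(entry_der)
    kind = "security" if reason in SECURITY else "routine"
    return serial, f"{reason}: {kind}" if reason else "no reason code"

def der(tag, content):                        # short-length encoder for the samples
    return bytes([tag, len(content)]) + content
def sample_entry(serial, code=None):          # constructed entry, not real CRL data
    body = der(0x02, serial.to_bytes(2, "big")) + der(0x17, b"220601000000Z")
    if code is not None:
        ext = der(0x06, REASON_OID) + der(0x04, der(0x0A, bytes([code])))
        body += der(0x30, der(0x30, ext))
    return der(0x30, body)
```

An entry built without an extension, as in `sample_entry(0x1003)`, corresponds to the case where a certificate authority did not transmit a reason at all.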

The second change obliges certificate authorities to submit the full URLs of their certificate revocation lists (CRLs) to the database of root and intermediate certificates (CCADB, Common CA Certificate Database). The change will make it possible to fully account for all revoked TLS certificates, and to preload into Firefox more complete data about revoked certificates, which can be used for verification without sending a request to the certificate authorities' servers during TLS connection setup.

Source: opennet.ru
