Ngomhla wama-23 kuMatshi ka-2020, iProjekthi yeTor ikhuphe uhlaziyo lweTor Browser kwinguqulelo 9.0.7, elungisa imiba yokhuseleko kwirouter yeTor kwaye itshintshe kakhulu indlela esiziphethe ngayo isikhangeli xa ukhetha elona nqanaba likhuselekileyo (Elona likhuselekileyo).
Elona nqanaba likhuselekileyo lithetha ukuba iJavaScript ivaliwe ngokungagqibekanga kuzo zonke iisayithi. Nangona kunjalo, ngenxa yomba kwi-NoScript add-on, lo mda unokugqithiswa okwangoku. Njengendlela yokusebenza, abaphuhlisi beTor Browser benze ukuba kube nzima ukuba iJavaScript isebenze xa isetelwe kwelona nqanaba lokhuseleko liphezulu.
Oku kunokwaphula amava eSikhangeli seTor kubo bonke abasebenzisi abaneyona ndlela yokhuseleko iphezulu enikwe amandla, njengoko kungasakwazi ukwenza iJavaScript ngokusebenzisa useto lweNoScript.
Ukuba ufuna ukubuyisela ukuziphatha kwebrawuza yangaphambili, ubuncinci okwethutyana, ungayenza ngesandla, ngolu hlobo lulandelayo:
- Vula ithebhu entsha.
- Chwetheza malunga: config kwibar yedilesi kwaye ucinezele Ngena.
- Kwibar yokukhangela phantsi kwebar yedilesi faka: javascript.enabled
- Cofa kabini kumgca oseleyo, indawo ethi "Ixabiso" kufuneka itshintshe ukusuka kubuxoki ukuya kwinyani
Umzila womnatha weTor eyakhelwe-ngaphakathi uhlaziywe kwinguqulo 0.4.2.7. Ezi ntsilelo zilandelayo zilungisiwe kwinguqulelo entsha:
- Ukulungiswa kwe-bug (CVE-2020-10592) evumela nabani na ukuba enze uhlaselo lwe-DoS kwi-relay okanye i-root directory server, ebangela ukugcwala kwe-CPU, okanye uhlaselo oluvela kwiiseva zolawulo ngokwazo (kungekhona nje iingcambu), ezibangela ukuba i-CPU ilayishwe kakhulu. abasebenzisi benethiwekhi abaqhelekileyo.
Ukugqithiswa kwe-CPU ekujoliswe kuyo kunokusetyenziselwa ukuqalisa uhlaselo lwexesha, ukunceda ukususa amagama abasebenzisi okanye iinkonzo ezifihliweyo. - I-CVE-2020-10593 elungisiweyo, enokubangela ukuvuza kwememori okude okunokukhokelela ekusebenziseni kwakhona ikhonkco eliphelelwe lixesha.
- Ezinye iimpazamo kunye nezinto ezishiyiweyo
umthombo: linux.org.ru