Mozilla expands its vulnerability bounty program

Mozilla has announced an expansion of its initiative to pay cash rewards for identifying security problems in Firefox. In addition to direct vulnerabilities, the Bug Bounty program will now also cover ways of bypassing the browser mechanisms that prevent exploits from working.

Such mechanisms include the system for sanitizing HTML fragments before they are used in a privileged context, the sharing of memory for DOM nodes and string/ArrayBuffer units, blocking eval() in the system context and in the parent process, applying strict CSP (Content Security Policy) restrictions on "about:" pages, preventing the parent process from loading pages other than "chrome://", "resource://" and "about:", preventing the use of external JavaScript code in the parent process, and bypassing the privilege separation mechanisms (used to build the browser interface) and unsafe JavaScript code. An example of a bug that qualifies for the new reward: a forgotten eval() check in a Web Worker chain.

By identifying a vulnerability together with a bypass of the exploit-protection mechanisms, a researcher can receive an additional 50% on top of the base reward assigned to the identified vulnerability (for example, for a UXSS vulnerability that bypasses the HTML Sanitizer, you can receive $7000 plus a $3500 bonus). Notably, the expansion of the independent researcher compensation program comes after the recent layoff of 250 Mozilla employees, which hit the entire Threat Management team, which was involved in identifying and analyzing incidents, as well as part of the Security team.

Furthermore, it is reported that the rules for applying the bounty program to weaknesses identified in nightly builds have changed. It is noted that such vulnerabilities are usually found quickly during internal automated testing and fuzz testing. Reports of these bugs do not lead to improvements in Firefox security or in the fuzz-testing methods, so rewards for vulnerabilities in nightly builds will be paid only if the problem has been present in the main repository for more than 4 days and has not been identified by internal checks and Mozilla employees.

Source: opennet.ru