Firefox 100.0.2 update fixes critical vulnerabilities

Corrective releases of Firefox 100.0.2, Firefox ESR 91.9.1 and Thunderbird 91.9.1 have been published, fixing two vulnerabilities rated as critical. At the Pwn2Own 2022 competition taking place these days, a working exploit was demonstrated that made it possible to bypass sandbox isolation when opening a specially crafted page and to execute code on the system. The author of the exploit was awarded a prize of 100 thousand dollars.

The first vulnerability (CVE-2022-1802) is present in the implementation of the await operator and allows methods of the Array object to be corrupted by modifying the prototype property ("prototype pollution"). The second vulnerability (CVE-2022-1529) makes it possible to change the prototype property when unverified data is processed during the indexing of JavaScript objects. The vulnerabilities allow JavaScript code to be executed in the privileged parent process.
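The bug class named above, as an added JavaScript example that is not Firefox code and not part of the original article: a write indexed twice by untrusted keys reaches `Array.prototype`, shown next to a checked version that rejects it. The function names, the `records` array and the sample message are constructed for illustration.

```javascript
'use strict';
// Added illustration of the bug class, not Firefox code; all names are hypothetical.

// Keys that resolve to the prototype chain instead of to stored data.
const PROTO_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

// Vulnerable pattern: both index levels come straight from untrusted data.
function setFieldUnchecked(records, index, field, value) {
  records[index][field] = value;
}

// Hardened pattern: the outer index must be an existing array slot and the
// field name must not be able to reach a prototype.
function setFieldChecked(records, index, field, value) {
  if (!Number.isInteger(index) || index < 0 || index >= records.length) {
    throw new RangeError('index is not an existing record slot');
  }
  if (typeof field !== 'string' || PROTO_KEYS.has(field)) {
    throw new TypeError('field name is not allowed');
  }
  records[index][field] = value;
}

// Applies one constructed untrusted message with the given setter and reports
// whether a shared Array method was replaced. Array.prototype is restored
// afterwards so the demonstration has no lasting effect.
function arrayMethodCorrupted(setter) {
  const original = Array.prototype.includes;
  const records = [{}];
  // Constructed sample input: the "index" is a prototype key, not a slot number.
  const message = { index: '__proto__', field: 'includes', value: () => true };
  let rejected = false;
  try {
    setter(records, message.index, message.field, message.value);
  } catch (err) {
    rejected = true;
  }
  const corrupted = Array.prototype.includes !== original;
  Array.prototype.includes = original;
  return { corrupted, rejected };
}

console.log('unchecked:', arrayMethodCorrupted(setFieldUnchecked));
console.log('checked:  ', arrayMethodCorrupted(setFieldChecked));
```

In the unchecked case every array in the same realm would see the replaced `includes` until it is restored, which is why a single unvalidated index matters in code that runs with higher privileges than the data's origin.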

Source: opennet.ru
