Firefox 101.0.1 update. Mozilla tightens its requirements for certificate authorities

The corrective release Firefox 101.0.1 is available, notable for strengthening sandbox isolation on the Windows platform. The new version enables, by default, blocking of access to the Win32k API (the Win32 GUI components that run at kernel level) from isolated content processes. The change was made ahead of the Pwn2Own 2022 competition, which will take place on May 18-20. Pwn2Own participants will demonstrate working techniques for exploiting previously unknown vulnerabilities and, if successful, will receive impressive prizes. For example, the premium for bypassing sandbox isolation in Firefox on the Windows platform is $100 thousand.

Other changes include a fix for a problem with subtitles displayed in picture-in-picture mode when using Netflix, and a fix for an issue where some commands were unavailable in the picture-in-picture window.

In addition, it is reported that new requirements have been added to the rules of Mozilla's root certificate store. The changes, which aim to address some long-standing failures in TLS server certificate revocation, will take effect on June 1.

The first change concerns the recording of certificate revocation reason codes (RFC 5280), which certificate authorities will now be required, in certain cases, to indicate when revoking a certificate. Previously, some certificate authorities did not send such data or assigned it only as a formality, which made it difficult to track the reasons for revoking server certificates. Now, correctly filling in the reason codes in certificate revocation lists (CRLs) will become mandatory and will make it possible to distinguish situations related to key compromise and violations of the rules for working with certificates from non-security cases, such as a change in an organization's details, the sale of a domain, or the replacement of a certificate ahead of schedule.
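The reason codes discussed above are carried in the `reasonCode` CRL entry extension defined by RFC 5280. As an added example (not from the article or from Mozilla), the following standard-library Python code reads that extension from DER-encoded CRL entries and separates security-related revocations from the rest. The sample entries, the helper names and the choice of which codes count as security-related are assumptions made for illustration.

```python
# Added example, not from the article. Standard library only; sample data is constructed.
REASON_OID = bytes.fromhex("551d15")  # id-ce-cRLReasons, 2.5.29.21 (RFC 5280)
REASONS = {0: "unspecified", 1: "keyCompromise", 2: "cACompromise", 3: "affiliationChanged",
           4: "superseded", 5: "cessationOfOperation", 6: "certificateHold",
           8: "removeFromCRL", 9: "privilegeWithdrawn", 10: "aACompromise"}
# Assumption made for this example: which codes are treated as security-related.
SECURITY = {"keyCompromise", "cACompromise", "aACompromise", "privilegeWithdrawn"}

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0
    while pos < len(value):
        _, val, pos = tlv(value, pos)
        out.append(val)
    return out

def entry_reason(entry):
    """Return (serial_hex, reason name or None) for one revokedCertificates entry."""
    fields = children(tlv(entry)[1])   # serial, revocationDate, [extensions]
    reason = None
    for exts in fields[2:]:            # crlEntryExtensions is optional
        for ext in children(exts):
            parts = children(ext)      # extnID, [critical], extnValue wrapping ENUMERATED
            if parts[0] == REASON_OID:
                reason = REASONS.get(int.from_bytes(tlv(parts[-1])[1], "big"), "unknown")
    return fields[0].hex(), reason

def classify(reason):
    if reason in (None, "unspecified"):
        return "no usable reason"
    return "security-related" if reason in SECURITY else "non-security"

def der(tag, *parts):  # short-form DER encoder, used only to build the sample entries
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_entry(serial, reason=None):
    ext = der(0x30, der(0x06, REASON_OID), der(0x04, der(0x0A, bytes([reason or 0]))))
    exts = [der(0x30, ext)] if reason is not None else []
    return der(0x30, der(0x02, serial), der(0x17, b"220601000000Z"), *exts)

SAMPLES = [sample_entry(b"\x01\xa2", 1), sample_entry(b"\x01\xa3", 4), sample_entry(b"\x01\xa4")]
```

Running `classify(entry_reason(e)[1])` over `SAMPLES` labels the three constructed entries as security-related, non-security and lacking a usable reason, in that order.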

The second change obliges certificate authorities to submit the full URLs of their certificate revocation lists (CRLs) to the database of root and intermediate certificates (CCADB, Common CA Certificate Database). The change will make it possible to take all revoked TLS certificates fully into account, and to preload into Firefox more complete data about revoked certificates, which can be used for verification without sending a request to the certificate authorities' servers during the TLS connection setup process.

Source: opennet.ru
