Ngomhla zingama-23 kuNdasa, 2020, i-Tor Project ikhiphe isibuyekezo se-Tor Browser senguqulo engu-9.0.7, esilungisa izinkinga zokuphepha kumzila we-Tor futhi siguqule ngokuphawulekayo ukuziphatha kwesiphequluli lapho sikhetha ileveli yezilungiselelo ezivikeleke kakhulu (Eziphephe Kakhulu).
Izinga elivikeleke kakhulu lisho ukuthi i-JavaScript ivaliwe ngokuzenzakalelayo kuwo wonke amasayithi. Nokho, ngenxa yenkinga esengezo se-NoScript, lo mkhawulo okwamanje ungeqiwa. Njengendlela yokusebenza, abathuthukisi be-Tor Browser bakwenze kwaba nzima ukuthi i-JavaScript isebenze lapho izinga lokuphepha libekwe phezulu kakhulu.
Lokhu kungase kwephule okwenziwa yi-Tor Browser kubo bonke abasebenzisi abanemodi yokuphepha ephakeme kakhulu evunyelwe, njengoba kungasakwazi ukunika amandla i-JavaScript ngokusebenzisa izilungiselelo ze-NoScript.
Uma udinga ukubuyisela ukuziphatha kwangaphambilini kwesiphequluli, okungenani okwesikhashana, ungakwenza mathupha, ngale ndlela elandelayo:
- Vula ithebhu entsha.
- Thayipha okuthi:config kubha yekheli bese ucindezela u-Enter.
- Kubha yokusesha ngaphansi kwebha yekheli faka: javascript.enabled
- Chofoza kabili emugqeni osele, inkambu ethi βValueβ kufanele ishintshe isuka kumanga iye eqinisweni
Irutha yenethiwekhi ye-Tor eyakhelwe ngaphakathi ibuyekeziwe yaba yinguqulo engu-0.4.2.7. Ukushiyeka okulandelayo kulungisiwe enguqulweni entsha:
- Kulungiswe isiphazamisi (CVE-2020-10592) esivumela noma ngubani ukuthi enze ukuhlasela kwe-DoS kuseva edluliselwe noma yezimpande, okubangela ukugcwala kwe-CPU, noma ukuhlaselwa okuvela kumaseva ohla lwemibhalo ngokwawo (hhayi nje okuyizimpande), okubangela ukugcwala kwe-CPU abasebenzisi benethiwekhi abajwayelekile.
Ukulayisha ngokweqile kwe-CPU okuhlosiwe kungasetshenziswa ngokusobala ukuqalisa ukuhlasela kwesikhathi, okusiza ukususa igama labasebenzisi noma amasevisi afihliwe. - I-CVE-2020-10593 elungisiwe, engabangela ukuvuza kwememori okude okungaholela ekusetshenzisweni kabusha kweketango eliphelelwe yisikhathi.
- Amanye amaphutha nokweqiwa
Source: linux.org.ru