Abathuthukisi benethiwekhi ye-Tor engaziwa bashicilele imiphumela yocwaningomabhuku lwe-Tor Browser kanye ne-OONI Probe, i-rdsys, i-BridgeDB ne-Conjure amathuluzi athuthukiswe iphrojekthi, asetshenziselwa ukudlula ukucwaninga. Ukucwaninga kwenziwa yiCure53 kusukela ngoNovemba 2022 kuya ku-Ephreli 2023.
Ngesikhathi sokucwaninga kwamabhuku, kuhlonzwe ubuthakathaka obuyi-9, okubili kwakho kwahlukaniswa njengokuyingozi, oyedwa wanikezwa izinga eliphakathi lengozi, kwathi u-6 wahlukaniswa njengezinkinga ezinezinga elincane lengozi. Futhi kusisekelo sekhodi, kutholwe izinkinga eziyi-10 ezahlukaniswa njengamaphutha ahlobene nokungavikeleki. Ngokuvamile, ikhodi ye-Tor Project iqashelwa ukuthi ithobelana nezinqubo ezivikelekile zokuhlela.
Ukuba sengozini kokuqala okuyingozi bekukhona ngemuva kwesistimu esabalalisiwe ye-rdsys, eqinisekisa ukulethwa kwezinsiza ezifana nohlu lwama-proxy kanye nezixhumanisi zokulanda kubasebenzisi abahloliwe. Ukuba sengozini kubangelwa ukuntuleka kokuqinisekisa lapho ufinyelela isibambi sokubhaliswa kwensiza futhi kwavumela umhlaseli ukuthi abhalise izinsiza zakhe ezinonya ukuze zilethwe kubasebenzisi. Ukusebenza kubiyela ekuthumeleni isicelo se-HTTP kusibambi se-rdsys.
Ukuba sengozini kwesibili okuyingozi kutholwe ku-Tor Browser futhi kudalwe ukuntuleka kokuqinisekiswa kwesiginesha yedijithali lapho kubuyiselwa uhlu lwamanodi ebhuloho nge-rdsys ne-BridgeDB. Njengoba uhlu lulayishwe esipheqululini esigabeni ngaphambi kokuxhuma kunethiwekhi ye-Tor engaziwa, ukuntuleka kokuqinisekiswa kwesiginesha yedijithali ye-cryptographic kuvumela umhlaseli ukuthi athathe indawo yokuqukethwe ohlwini, ngokwesibonelo, ngokunqamula ukuxhumana noma ngokugebenga iseva. okusatshalaliswa ngayo uhlu. Esimeni sokuhlasela okuyimpumelelo, umhlaseli angahlela ukuthi abasebenzisi baxhume ngenodi yabo yebhuloho esengozini.
Ukuba sengozini kobunzima obumaphakathi bekukhona kusistimu engaphansi ye-rdsys kusikripthi sokuphakelwa komhlangano futhi kwavumela umhlaseli ukuthi aphakamise amalungelo akhe ukusuka kumsebenzisi ongekho kumsebenzisi we-rdsys, uma ebekwazi ukufinyelela kuseva kanye nekhono lokubhalela uhla lwemibhalo okwesikhashana. amafayela. Ukuxhaphaza ubungozi kuhilela ukufaka esikhundleni sefayela elisebenzisekayo elitholakala kuhla lwemibhalo /tmp. Ukuthola amalungelo omsebenzisi we-rdsys kuvumela umhlaseli ukuthi enze izinguquko kumafayela asebenzisekayo aqaliswe nge-rdsys.
Ubungozi obuphansi bekudalwe ngokuyinhloko ukusetshenziswa kokuncika okudlulelwe yisikhathi obekuqukethe ubungozi obaziwayo noma amandla okunqatshelwa kwesevisi. Ubungozi obuncane ku-Tor Browser buhlanganisa amandla okudlula i-JavaScript lapho ileveli yokuphepha isethwe ezingeni eliphezulu kakhulu, ukuntuleka kwemikhawulo ekulandweni kwamafayela, kanye nokuvuza kolwazi okungenzeka ngekhasi lasekhaya lomsebenzisi, okuvumela abasebenzisi ukuthi balandelelwe phakathi kokuqalisa kabusha.
Njengamanje, bonke ubungozi bulungisiwe; phakathi kwezinye izinto, ukuqinisekiswa kusetshenziswe kubo bonke abaphathi be-rdsys futhi nokuhlolwa kohlu olulayishwe ku-Tor Browser ngesiginesha yedijithali yengeziwe.
Ukwengeza, singabona ukukhululwa kwe-Tor Browser 13.0.1. Ukukhishwa kuvumelaniswe ne-Firefox 115.4.0 ESR codebase, elungisa ubungozi obuyi-19 (i-13 ibhekwa njengeyingozi). Ukulungiswa kokuba sengozini okuvela egatsheni le-Firefox 13.0.1 kudluliselwe ku-Tor Browser 119 ye-Android.
Source: opennet.ru