Izolo omunye wozakwethu ibike ezinye izimbungulu ezitholakele lokho kuthinta zonke izinhlobo zeFirefox ngoba kutholakale ukuba sengozini kosuku olungu-zero kusiphequluli futhi ixhashazwa ngenkuthalo ekuhlaselweni okuhlosiwe. Ukwephulwa kwezokuphepha kuvezwe ngeProject Zero yakwaGoogle futhi kuthinta zonke izinhlobo zeFirefox.
Manje ngemuva kosuku, iMozilla iphinde icele bonke abasebenzisi besiphequluli ukuthi babuyekeze futhi enguqulweni entsha ephezulu esevele ikhishiwe, this ngesizathu sokuthi kutholakale ubungozi bosuku lwesibili kusiphequluli.
Isiphazamisi sezinsuku ezimbili ku-Firefox
IMozilla ikhiphe iFirefox 67.0.4 ukulungisa ubungozi ukuphepha okusetshenziswe ekuhlaselweni okuhlosiwe kumafemu we-cryptocurrency afana neCoinbase. Abasebenzisi beFirefox kufanele bafake lesi sibuyekezo ngokushesha.
Kutholakala ngemuva kweFirefox 67.0.3 no-60.7.1, Izinguqulo ezingeziwe zokulungisa i-67.0.4 ne-60.7.2 zikhishwe, kususa ubungozi bosuku lwesibili lwe-zero (CVE-2019-11708), okuvumela ukweqa indlela yokuhlukanisa i-sandbox yesiphequluli.
Inkinga ivumela ukusebenzisa isicelo somyalo ukuvula ukukhwabanisa kwe-IPC ukuvula okuqukethwe kwewebhu kunqubo yengane engasebenzisi i-sandbox.
Kuhlanganiswe nokunye ukuba sengozini, le nkinga ikuvumela ukuthi weqe wonke amazinga wokuvikela futhi hlela ukwenziwa kwekhodi kusistimu.
Ngaphambi kokulungiswa, ukuba sengozini okukhonjwe kuzinguqulo ezimbili zokugcina zeFirefox Babesetshenziselwa ukwenza ukuhlaselwa kwabasebenzi be-cryptocurrency exchange Coinbase futhi basetshenziselwa nokusabalalisa i-malware yesikhulumi se-macOS.
Ukuqinisekiswa okwanele kwamapharamitha adluliswe nge-Prompt: Vula umyalezo we-IPC phakathi kwezinqubo zezingane nomzali kungadala ukuthi inqubo yomzali engeyona eyesihlabathi ivule okuqukethwe kwewebhu okukhethwe yinqubo yengane ebekiwe. Uma kuhlanganiswe nobuthakathaka obungeziwe, lokhu kungaholela ekusetshenzisweni kwekhodi engenakuphikwa kwikhompyutha yomsebenzisi.
Kuleli sonto, abakwaMozilla bakhiphe iFirefox 67.0.3 ukulungisa ubungozi obubucayi bokwenza ikhodi ebikade busetshenziswa ekuhlaselweni okuhlosiwe.
Kusukela ikhishwe, ubungozi nokunye okungaziwa kwatholakala ukuthi baboshwe ngamaketanga njengengxenye yokuhlaselwa kwe-spoofing ukususa nokwenza imisebenzi ekhokhelwa kabi emishinini yesisulu.
Kusolwa lokho Imininingwane mayelana nokuba sengozini kokuqala ithunyelwe kuMozilla ngumhlanganyeli weGoogle Project Zero ngo-Ephreli 15 futhi walungiswa ngoJuni 10 enguqulweni ye-beta yeFirefox 68 (abahlaseli mhlawumbe bahlaziya isixazululo esishicilelwe futhi balungiselela ukuxhashazwa besebenzisa okunye ukuba sengozini ukugwema ukuhlukaniswa kwe-sandbox).
Ungasibuyekeza kanjani isiphequluli seFirefox kuLinux?
Ukuze uvuselele izinguqulo ezintsha zokulungisa lesi siphequluli futhi usifake nokuzifaka uma ungenayo, ungakwenza lokho ngokulandela imiyalo esabelana ngayo ngezansi.
Abasebenzisi be-Ubuntu, i-Linux Mint noma okunye okuphuma ku-Ubuntu, Bangakwazi ukufaka noma ukubuyekeza kule nguqulo entsha ngosizo lwe-PPA yesiphequluli.
Lokhu kungangezwa ohlelweni ngokuvula i-terminal bese wenza umyalo olandelayo kuyo:
sudo add-apt-repository ppa:ubuntu-mozilla-security/ppa -y sudo apt-get update
Bakwenze lokhu manje kuzofanele bafake no:
sudo apt install firefox
para konke okunye ukusatshalaliswa kweLinux kungalanda amaphakheji kanambambili funa isixhumanisi esilandelayo.
Noma hlola ukuthi inguqulo entsha isivele ifakiwe yini ezinqolobaneni ze-distro yakho.
Enye indlela yokuvuselela isiphequluli Kunguqulo yakamuva ngokuvula isiphequluli, lapha abasebenzisi bangasesha ngesandla izibuyekezo ezintsha kumenyu yeFirefox -> Usizo -> Mayelana neFirefox. IFirefox izohlola ngokuzenzakalela isibuyekezo esisha bese iyifaka.
Futhi Ukulungiswa kwamaphutha kweFirefox kulindelekile kutholwe iphutha lesibili le-zero day shaya isiphequluli seTor ezinsukwini ezimbalwa ezilandelayo.
Kusukela namuhla, ithimba leTor Browser livuselelwe kwinguqulo 8.5.2, okubandakanya ukulungiswa kwephutha lokuqala losuku olutholakele egatsheni leFirefox.