{"id":247403,"date":"2022-10-22T14:41:00","date_gmt":"2022-10-22T11:41:00","guid":{"rendered":"https:\/\/inform.click\/mozilla-parandab-firefoxis-kaks-aktiivselt-ara-kasutatud-nullpaeva-turvaauku\/"},"modified":"2022-10-22T14:56:00","modified_gmt":"2022-10-22T11:56:00","slug":"mozilla-parandab-firefoxis-kaks-aktiivselt-ara-kasutatud-nullpaeva-turvaauku","status":"publish","type":"post","link":"https:\/\/inform.click\/et\/mozilla-parandab-firefoxis-kaks-aktiivselt-ara-kasutatud-nullpaeva-turvaauku\/","title":{"rendered":"Mozilla parandab Firefoxis kaks aktiivselt \u00e4ra kasutatud nullp\u00e4eva turvaauku"},"content":{"rendered":"<p>\n  <strong>Suur pilt:<\/strong> Mozilla on v\u00e4lja andnud oma Firefoxi brauseri uued versioonid, mis parandavad paar kriitilist nullp\u00e4eva turvaauku. M\u00f5lemat on looduses juba aktiivselt \u00e4ra kasutatud, nii et kokkupuute v\u00e4ltimiseks peaksite plaastri k\u00e4tte haarama v\u00f5imalikult kiiresti.\n<\/p>\n<p>\n  <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2022-09\/#CVE-2022-26485\" target=\"_blank\" rel=\"noopener\">CVE-2022-26485<\/a> ja <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2022-09\/#CVE-2022-26486\" target=\"_blank\" rel=\"noopener\">CVE-2022-26486<\/a> haavatavused on m\u00f5lemad kasutusj\u00e4rgsed (UAF) haavatavused, millest Hiina Interneti-turvafirma Qihoo 360 teatas Mozillale. Nagu Kaspersky <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/use-after-free\/\" target=\"_blank\" rel=\"noopener\">r\u00f5hutab<\/a>, on seda t\u00fc\u00fcpi haavatavused seotud d\u00fcnaamilise m\u00e4lu vale kasutamine programmi t\u00e4itmise ajal.\n<\/p>\n<blockquote>\n<p>\n    Programmis olevad osutid viitavad d\u00fcnaamilises m\u00e4lus olevatele andmekogumitele. Kui andmekogum kustutatakse v\u00f5i teisaldatakse teise plokki, kuid kursor selle asemel, et kustutada (seatakse nulliks), viitab j\u00e4tkuvalt n\u00fc\u00fcd vabastatud m\u00e4lule, on tulemuseks rippuv osuti. Kui programm eraldab sama m\u00e4lumahu teisele objektile (n\u00e4iteks r\u00fcndaja sisestatud andmetele), viitab rippuv kursor n\u00fc\u00fcd sellele uuele andmekogumile. Teisis\u00f5nu, UAF-i haavatavused v\u00f5imaldavad koodi asendamist.\n  <\/p>\n<\/blockquote>\n<p>\n  CVE-2022-26485 on seotud UAF-i veaga XSLT parameetrite t\u00f6\u00f6tlemisel, samas kui teine \u200b\u200bk\u00e4sitleb UAF-i WebGPU PIC-raamistikus. Mozilla \u00fctles oma <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2022-09\/#CVE-2022-26485\" target=\"_blank\" rel=\"noopener\">turvaalases n\u00f5uandes<\/a>, et neil on teateid r\u00fcnnakutest looduses, kasutades m\u00f5lemat viga.\n<\/p>\n<p>\n  Saate hankida <a href=\"https:\/\/www.techspot.com\/downloads\/19-mozilla-firefox.html\" target=\"_blank\" rel=\"noopener\">Mozilla Firefoxi<\/a> uusima versiooni oma valitud platvormile meie allalaadimiste lehel v\u00f5i v\u00e4rskendada k\u00e4sitsi Firefoxi integreeritud abimen\u00fc\u00fc kaudu.\n<\/p>\n<p>\n  Mozilla Firefox on viimase k\u00fcmnendi jooksul loobunud m\u00e4rkimisv\u00e4\u00e4rsest turuosast. <a href=\"https:\/\/inform.click\/et\/safari-voib-peagi-kaotada-oma-koha-enimkasutatava-veebibrauserina-toolaual-nagunii\/\" title=\"StatCounteri\">StatCounteri<\/a> andmetel kasutas umbes kolmandik lauaarvutitest \u00fcle maailma 2010. aasta l\u00f5pus Firefoxi. Aasta hiljem t\u00f5usis Google'i Chrome populaarsus ja m\u00f6\u00f6dus Firefoxist. 2012 aasta keskpaigaks m\u00f6\u00f6dus Chrome Microsofti Internet Explorerist ega ole tagasi vaadanud.\n<\/p>\n<p>\n  Eelmise kuu seisuga moodustas Firefox vaid 9,46 protsenti \u00fclemaailmsest lauaarvuti brauserite turust. Vahepeal kasutati t\u00f6\u00f6stusharu liidrit Chrome'i 64,91 protsendil masinatest.\n<\/p>\n<p>\n  Pildi krediit <a href=\"https:\/\/unsplash.com\/photos\/AVtPJFo_uZk\" target=\"_blank\" rel=\"noopener\">Nata Figueiredo<\/a>\n<\/p>\n<\/p>\n<div id=\"PostUnique_PostSource\" style=\"padding-top: 50px\">\n  : <a target=\"_blank\" rel=\"noopener nofollow\" href=\"https:\/\/www.techspot.com\/news\/93680-mozilla-patches-two-actively-exploited-zero-day-vulnerabilities.html\">techspot.com<\/a>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>CVE-2022-26485 ja CVE-2022-26486 haavatavused on m\u00f5lemad kasutusj\u00e4rgsed (UAF) haavatavused, millest Hiina Interneti-turvafirma Qihoo 360 teatas Mozillale. Nagu Kaspersky r\u00f5hutab, on need&#8230;<\/p>\n","protected":false},"author":1,"featured_media":124385,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[520,598,637],"tags":[],"class_list":["post-247403","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-raznoe","category-tehnoloogia-ja-palju-muud","category-turvalisus"],"_links":{"self":[{"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/posts\/247403","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/comments?post=247403"}],"version-history":[{"count":0,"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/posts\/247403\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/media\/124385"}],"wp:attachment":[{"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/media?parent=247403"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/categories?post=247403"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/inform.click\/et\/wp-json\/wp\/v2\/tags?post=247403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}