Welcome to our continuing coverage of the war in Ukraine.

Before we bring you today's updates, here's what you need to know from overnight:

Freight trucks registered in either Russia or Belarus will be banned entry into Poland, according to the Polish news agency PAP.

Polish interior minister Mariusz Kaminski signed an order yesterday to stop the trucks from crossing into Poland when entering through its border with Belarus.

The restriction applies to trucks, tractor-trailers, trailers, and semi-trailers registered in Belarus or Russia and will begin from 1 June "until further notice", the news agency has said.

According to the justification of the regulation, the decision was necessary to "ensure public safety".

For context: There has been growing tension between Poland and Russia over the past year and Poland has been a staunch supporter of Ukraine.

This year, Poland confirmed it would send MiG-29 fighter jets to Ukraine to help it in its fight. The move made Poland the first NATO member country to fulfil the Ukrainian government's increasingly urgent requests for warplanes.

This year, a Belarusian court upheld an earlier decision to sentence a journalist of Polish origin to eight years in prison, which also stoked tensions between the two countries.

As usual, the Mozilla team assigned two overarching CVE numbers to bugs that they found-and-fixed using proactive techniques such as fuzzing, where buggy code is automatically probed for flaws, documented, and patched without waiting for someone to figure out just how exploitable those bugs might be:

- CVE-2022-38477 covers bugs that affect only Firefox builds based on the code of version 102 and later, which is the codebase used by the main version, now updated to 104.0, and the primary Extended Support Release version, which is now ESR 102.2.
- CVE-2022-38478 covers additional bugs that exist in the Firefox code going back to version 91, because that’s the basis of the secondary Extended Support Release, which now stands at ESR 91.13.

As usual, Mozilla is plain-speaking enough to make the simple pronouncement that:

Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

ESR demystified

As we’ve explained before, Firefox Extended Support Release is aimed at conservative home users and at corporate sysadmins who prefer to delay feature updates and functionality changes, as long as they don’t miss out on security updates by doing so.

The ESR version numbers combine to tell you what feature set you have, plus how many security updates there have been since that version came out.

So, for ESR 102.2, we have 102+2 = 104 (the current leading-edge version).

Similarly, for ESR 91.13, we have 91+13 = 104, to make it clear that although version 91 is still back at the feature set from about a year ago, it’s up-to-the-moment as far as security patches are concerned.

The reason there are two ESRs at any time is to provide a substantial double-up period between versions, so you are never stuck with taking on new features just to get security fixes – there’s always an overlap during which you can keep using the old ESR while trying out the new ESR to get ready for the necessary switchover in the future.

The two specific and apparently-related vulnerabilities that made the High category this month were:

- CVE-2022-38472: Address bar spoofing via XSLT error handling.
- CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent’s permissions.

As you can imagine, these bugs mean that rogue content fetched from an otherwise innocent-looking site could end up with Firefox tricking you into trusting web pages that you shouldn’t.

In the first bug, Firefox could be lured into presenting content served up from an unknown and untrusted site as if it had come from a URL hosted on a server that you already knew and trusted.

In the second bug, web content from an untrusted site X shown in a sub-window (an IFRAME, short for inline frame) within a trusted site Y…

…could end up with security permissions “borrowed” from parent window Y that you would not expect to be passed on (and that you would not knowingly grant) to X, including access to your webcam and microphone.

On desktops or laptops, go to Help > About Firefox to check if you’re up-to-date.

If not, the About window will prompt you to download and activate the needed update – you are looking for 104.0, or ESR 102.2, or ESR 91.13, depending on which release series you are on.

On your mobile phone, check with Google Play or the Apple App Store to ensure you’ve got the latest version.

On Linux and the BSDs, if you are relying on the version of Firefox packaged by your distribution, check with your distro maker for the latest version they’ve published.

Follow on Twitter for the latest computer security news.