The developers of the security-focused portable Linux distro, Tails, have recently released an important advisory regarding its current release. They have warned users to avoid entering or using any personal or sensitive information while using Tor Browser on Tails 5.0 or older.
Tor Browser is the de-facto web browser used in Tails and helps protect the user’s identity online when connected to the Internet. It is mainly used by various journalists and activists to evade censorship. Everyday users can use it too.
What’s the problem?
Recently, two nasty vulnerabilities have been found that enable harmful websites to steal the user’s information from other websites.
These had been discovered in the JavaScript engine used by Firefox.
But what has Tor to do with this? For those unaware, Tor is actually a fork of Firefox and thus contains many similar features like the JavaScript engine.
To be specific, the vulnerabilities have been identified as CVE-2022-1802 and CVE-2022-1529 in an advisory published by Mozilla.
The Tails advisory best explains this:
“For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session.”
Should You Stop Using Tails Linux Distro?
Not necessarily.
Users will be glad to know that these vulnerabilities don’t affect Tor connections. This means you can casually browse the internet if you’re not exchanging any of your sensitive information like passwords, personal information, messages, etc.
Other apps in Tails, especially Thunderbird, are safe to use since the JavaScript is disabled if in use.
Furthermore, you can even enable the safest security level in the Tor browser. This is preferred because the JavaScript engine gets disabled. Do note that this will make websites function improperly.
In other words, the Tails Linux distro is still safe to use if you know what you’re doing.
A Fix is Coming Soon
Good news! Mozilla has already patched these bugs upstream and now it’s up to the Tails team when it comes to releasing the fix.
Here’s what they have stated –
This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn’t have the capacity to publish an emergency release earlier.
So, your best option is to wait for the Tails 5.1 release next week. You can read the official advisory released by Tails devs to know more.
Here's why you should opt for It's FOSS Plus Membership
- Even the biggest players in the Linux world don't care about desktop Linux users. We do.
- We don't put content behind paywall. Your support keeps it open for everyone. Think of it like 'pay it forward'.
- Don't like ads? With the Plus membership, you get an ad-free reading experience.
- When millions of AI-generated content is being published daily, you read and learn from real human Linux users.
- It costs just $2 a month, less than the cost of your favorite burger.
