The developers of the security-focused portable Linux distro, Tails, have recently released an important advisory regarding its current release. They have warned users to avoid entering or using any personal or sensitive information while using Tor Browser on Tails 5.0 or older.
Tor Browser is the de-facto web browser used in Tails and helps protect the user’s identity online when connected to the Internet. It is mainly used by various journalists and activists to evade censorship. Everyday users can use it too.
What’s the problem?
Recently, two nasty vulnerabilities have been found that enable harmful websites to steal the user’s information from other websites.
These had been discovered in the JavaScript engine used by Firefox.
But what has Tor to do with this? For those unaware, Tor is actually a fork of Firefox and thus contains many similar features like the JavaScript engine.
To be specific, the vulnerabilities have been identified as CVE-2022-1802 and CVE-2022-1529 in an advisory published by Mozilla.
The Tails advisory best explains this:
“For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session.”
Should You Stop Using Tails Linux Distro?
Not necessarily.
Users will be glad to know that these vulnerabilities don’t affect Tor connections. This means you can casually browse the internet if you’re not exchanging any of your sensitive information like passwords, personal information, messages, etc.
Other apps in Tails, especially Thunderbird, are safe to use since the JavaScript is disabled if in use.
Furthermore, you can even enable the safest security level in the Tor browser. This is preferred because the JavaScript engine gets disabled. Do note that this will make websites function improperly.
In other words, the Tails Linux distro is still safe to use if you know what you’re doing.
A Fix is Coming Soon
Good news! Mozilla has already patched these bugs upstream and now it’s up to the Tails team when it comes to releasing the fix.
Here’s what they have stated –
This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn’t have the capacity to publish an emergency release earlier.
So, your best option is to wait for the Tails 5.1 release next week. You can read the official advisory released by Tails devs to know more.
It's FOSS turns 13! 13 years of helping people use Linux ❤️
And we need your help to go on for 13 more years. Support us with a Plus membership and enjoy an ad-free reading experience and get a Linux eBook for free.
To celebrate 13 years of It's FOSS, we have a lifetime membership option with reduced pricing of just $76. This is valid until 25th June only.
If you ever wanted to appreciate our work with Plus membership but didn't like the recurring subscription, this is your chance 😃
