Skip to content

Tails Linux Users Warned Against Using the Tor Browser: Here's why!

The developers of the security-focused portable Linux distro, Tails, have recently released an important advisory regarding its current release. They have warned users to avoid entering or using any personal or sensitive information while using Tor Browser on Tails 5.0 or older.

Tor Browser is the de-facto web browser used in Tails and helps protect the user’s identity online when connected to the Internet. It is mainly used by various journalists and activists to evade censorship. Everyday users can use it too.

What’s the problem?

Recently, two nasty vulnerabilities have been found that enable harmful websites to steal the user’s information from other websites.

These had been discovered in the JavaScript engine used by Firefox.

But what has Tor to do with this? For those unaware, Tor is actually a fork of Firefox and thus contains many similar features like the JavaScript engine.

To be specific, the vulnerabilities have been identified as CVE-2022-1802 and CVE-2022-1529 in an advisory published by Mozilla.

The Tails advisory best explains this:

“For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session.”

Should You Stop Using Tails Linux Distro?

Not necessarily.

Users will be glad to know that these vulnerabilities don’t affect Tor connections. This means you can casually browse the internet if you’re not exchanging any of your sensitive information like passwords, personal information, messages, etc.

Other apps in Tails, especially Thunderbird, are safe to use since the JavaScript is disabled if in use.

Furthermore, you can even enable the safest security level in the Tor browser. This is preferred because the JavaScript engine gets disabled. Do note that this will make websites function improperly.

In other words, the Tails Linux distro is still safe to use if you know what you’re doing.

A Fix is Coming Soon

Good news! Mozilla has already patched these bugs upstream and now it’s up to the Tails team when it comes to releasing the fix.

Here’s what they have stated –

This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn’t have the capacity to publish an emergency release earlier.

So, your best option is to wait for the Tails 5.1 release next week. You can read the official advisory released by Tails devs to know more.

More from It's FOSS...