The maintainers of the Tails project have issued a warning that
the Tor Browser that’s bundled with the operating system is unsafe
to use for accessing or entering sensitive information.

“We recommend that you stop using Tails until the release of 5.1
(May 31) if you use Tor Browser for sensitive information
(passwords, private messages, personal information, etc.),” the
project said[1] in an advisory issued this week.

Tails, short for The Amnesic Incognito Live System, is a
security-oriented Debian-based Linux distribution aimed at
preserving privacy and anonymity by connecting to the internet
through the Tor network.

The alert comes as Mozilla, on May 20, 2022, rolled out fixes for
two critical zero-day flaws[2] in its Firefox browser,
a modified version of which acts as the foundation of the Tor
Browser.

Tracked as CVE-2022-1802 and CVE-2022-1529, the two
vulnerabilities are prototype pollution[3] flaws
that could be weaponized to gain JavaScript code execution on
devices running vulnerable versions of Firefox, Firefox ESR,
Firefox for Android, and Thunderbird.
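
As an added illustration of the bug class (not code from Mozilla, Tor or Tails, and not the Pwn2Own exploit), the JavaScript below shows how an unfiltered, caller-supplied property key can modify `Object.prototype` and change the behaviour of unrelated code, next to a hardened version that refuses such keys. All function names and the sample input are hypothetical.

```javascript
// Added illustration of the bug class; not Firefox or Tor Browser code. Names are hypothetical.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);

// Vulnerable: walks an object using caller-supplied keys with no filtering.
function setPathUnsafe(obj, path, value) {
  let node = obj;
  for (const key of path.slice(0, -1)) {
    if (typeof node[key] !== "object" || node[key] === null) node[key] = {};
    node = node[key]; // "__proto__" steps up to Object.prototype
  }
  node[path[path.length - 1]] = value;
}

// Hardened: refuse prototype-reaching keys, descend only into own properties.
function setPathSafe(obj, path, value) {
  let node = obj;
  path.forEach((key, i) => {
    if (FORBIDDEN.has(key)) throw new TypeError(`refused key: ${key}`);
    if (i === path.length - 1) { node[key] = value; return; }
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== "object" || node[key] === null) {
      node[key] = Object.create(null);
    }
    node = node[key];
  });
}

// Unrelated code that reads an option it expects to be absent by default.
const isTrusted = (options) => options.trusted === true;

function demo() {
  const input = ["__proto__", "trusted"]; // constructed untrusted input
  const out = {};
  try {
    setPathUnsafe({}, input, true);
    out.unsafePolluted = isTrusted({}); // a fresh object now inherits the flag
  } finally {
    delete Object.prototype.trusted; // undo the pollution
  }
  try {
    setPathSafe({}, input, true);
    out.safeRejected = false;
  } catch (e) {
    out.safeRejected = e instanceof TypeError;
  }
  out.safePolluted = isTrusted({});
  return out;
}
console.log(demo());
```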

“For example, after you visit a malicious website, an attacker
controlling this website might access the password or other
sensitive information that you send to other websites afterwards
during the same Tails session,” the Tails advisory reads.

The bugs were demonstrated[4] by Manfred Paul at the 15th edition
of the Pwn2Own hacking contest, held in Vancouver last week, for
which the researcher was awarded $100,000.

However, Tor Browser with the “Safest[5]” security level enabled,
as well as the Thunderbird email client in the operating system, is
immune to the flaws because JavaScript is disabled in both cases.

Also, the weaknesses don’t break the anonymity and encryption
protections baked into Tor Browser, meaning that Tails users who
don’t handle sensitive information can continue to use the web
browser.

“This vulnerability will be fixed in Tails 5.1 (May 31), but our
team doesn’t have the capacity to publish an emergency release
earlier,” the developers said.

References
[1] said (tails.boum.org)
[2] two critical zero-day flaws (www.mozilla.org)
[3] prototype pollution (learn.snyk.io)
[4] demonstrated (www.zerodayinitiative.com)
[5] Safest (tails.boum.org)

Read more https://thehackernews.com/2022/05/tails-os-users-advised-not-to-use-tor.html