two “critical“JavaScript vulnerabilities put users of the anonymous Linux distribution Tails at risk if they use Tor Browser to browse. Security patches are already available but not yet implemented.
Linux Live Tails starts right from a USB drive and is designed to protect anonymity and privacy. For example, websites are accessed encryptedly via the Tor network and the system forgets the settings after a restart. The built-in Tor browser is based on Firefox ESR from Mozilla, where developers recently closed two vulnerabilities (CVE-2022–1529, CVE-2022-1802).
Follow the implementation of the security patch
In a warning message, Tails developers adviseDo not use Tor Browser to handle sensitive data such as passwords at this time. Tor Browser is already equipped with the latest security update in version 11.0.13but according to the Tails team, it won’t be able to build the secure version until May 31, 2022 5.1 . tails To merge. The reason for the delay is the lack of capacity in the team.
Until then you should not browse using a web browser. For example, when you visit a website controlled by an attacker, malicious JavaScript code can install itself in the browser and log passwords from the pages that are then visited.
Solution: Disable JavaScript
If you still want to use the Tor browser, you must activate the highest security level in the settings to turn off JavaScript. The Mozilla Thunderbird mail client should not be affected by the Tails vulnerabilities, since JavaScript is disabled by default. According to the developers, those who do not access websites using the Tor browser can use Tails as normal.
(affiliate)
“Reader. Organizer. Infuriatingly humble twitter expert. Certified communicator.”
More Stories
Nvidia GeForce RTX 4090: AIDA64 gets Ada spearhead support
Rogue Trader – Details about the first cRPG in the series – CD-Action
t3n – Digital Pioneers | digital business magazine