Serious security vulnerability in Tails 5.0

Tor Browser in Tails 5.0 and earlier is unsafe to use for sensitive information.

The problem is that Tails 5.0 uses version 11.0.11 of the Tor Browser. This is based on a version of Firefox that contains vulnerabilities in its JavaScript interpreter. The current version of the Tor Browser is 11.0.13, and this new version is not vulnerable to the attacks that work against version 11.0.11 and earlier. If you use the Tor Browser with other OSes (not Tails), you should check to see that you have the newest version.

If you keep JavaScript disabled this vulnerability does not affect you. The Tor Browser makes it very easy to disable JavaScript. This problem will also not affect you if you don't enter any sensitive information into web sites.

If you start Tails today, Tails itself will warn you about this. Oddly the Tails home page has no such warning.

Here is the page about the vulnerability. https://tails.boum.org/security/prototype_pollution/

Here is the Tails home page. https://tails.boum.org/

The recommendation from Tails is that you don't use the Tor Browser in Tails until the next version of Tails is released. This should be version 5.1 and it should be released on 31 May 2022.

#tails #tor #tor-browser #vulnerability #bug #security #privacy #surveillance #firefox #mozilla