Users of Tails OS are advised not to use Tor Browse.

0

Users of Tails OS are advised not to use Tor Browse. The Tails project’s maintainers have issued a warning that the Tor Browser included with the operating system is hazardous for viewing or inputting sensitive information.

“If you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.), we urge that you cease using Tails until the release of 5.1 (May 31),” the team wrote in an advice released this week.

Tails, short for The Amnesic Incognito Live System, is a security-oriented Debian-based Linux system that connects to the internet over the Tor network to maintain privacy and anonymity.

The warning comes after Mozilla released solutions for two key zero-day issues in its Firefox browser, a customized version of which serves as the core of the Tor Browser, on May 20, 2022.

The two vulnerabilities, CVE-2022-1802 and CVE-2022-1529, are referred to as prototype pollution and may be leveraged to acquire JavaScript code execution on devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird.

“For example, after visiting a malicious website, an attacker controlling this website may get access to the password or other sensitive information that you provide to other websites later during the same Tails session,” according to the Tails alert.

Manfred Paul showed the weaknesses during the 15th edition of the Pwn2Own hacking competition last week in Vancouver, for which the researcher was won $100,000.

Tor Browsers with the “Safest” security level enabled, as well as the operating system’s Thunderbird email client, are resistant to the weaknesses since JavaScript is deactivated in both situations.

Furthermore, the flaws do not compromise Tor Browser’s anonymity and encryption safeguards, therefore Tails users who do not handle sensitive information can continue to use the web browser.

“This vulnerability will be addressed in Tails 5.1 (May 31), but our team does not have the capacity to deliver an emergency release sooner,” the developers explained.

Have you enjoyed reading this article? To read more exclusive material from THN, follow us on Facebook.

اترك رد

لن يتم نشر عنوان بريدك الإلكتروني.