Tails Linux users are warned against using the Tor browser: here’s why!


The developers of the security-focused portable Linux distribution, Tails, recently released an important notice regarding its current version. They warned users to avoid entering or using personal or sensitive information when using the Tor Browser on Tails 5.0 or older.

Tor Browser is the de facto web browser used in Tails and helps protect the online user’s identity when connected to the Internet. It is mainly used by various journalists and activists to evade censorship. Daily users can also use it.

What is the problem?

Recently, two nasty vulnerabilities have been discovered that allow harmful websites to steal user information from other websites.

These had been discovered in the JavaScript engine used by Firefox.

But what does Tor have to do with it? For those who don’t know, Tor is actually a fork of Firefox and therefore contains many similar features like the JavaScript engine.

To be specific, the vulnerabilities were identified as CVE-2022-1802 and CVE-2022-1529 in an advisory published by Mozilla.

Tails review explains this best:

“For example, after visiting a malicious website, an attacker controlling that website could gain access to the password or other sensitive information that you then send to other websites during the same Tails session.”

Should you stop using Tails Linux Distro?

Not necessarily.

Users will be happy to know that these vulnerabilities do not affect Tor connections. This means that you can browse the Internet in a relaxed way if you do not exchange any of your sensitive information such as passwords, personal information, messages, etc.

Other Tails applications, especially Thunderbird, are safe to use as JavaScript is disabled if used.

Moreover, you can even enable the safest level of security in the Tor Browser. This is preferable because the JavaScript engine is disabled. Note that this will make websites work incorrectly.

In other words, the Tails Linux distribution is still safe to use if you know what you’re doing.

A fix is ​​coming soon

Good news! Mozilla has already fixed these bugs upstream and it is now up to the Tails team to release the fix.

Here is what they said –

This vulnerability will be fixed in Tails 5.1 (May 31st), but our team does not have the capacity to release an emergency version sooner.

So your best option is to wait for the release of Tails 5.1 next week. You can read the official notice published by Tails developers to learn more.


Comments are closed.