Tails project officials have issued a warning that the Tor browser that comes with the operating system is not safe to use to access or enter sensitive information.
“We recommend that you stop using Tails until the release of version 5.1 (May 31) if you use the Tor browser for sensitive information (passwords, private messages, personal information, etc.)”, the project said in a notice published this week.
Tails, short for The Amnesic Incognito Live System, is a security-focused Debian-based Linux distribution aimed at maintaining privacy and anonymity by connecting to the Internet through the Tor network.
The alert comes as Mozilla rolled out fixes on May 20, 2022 for two critical zero-day flaws in its Firefox browser, a modified version of which serves as the basis for the Tor browser.
“For example, after visiting a malicious website, an attacker controlling that website can gain access to the password or other sensitive information that you then send to other websites during the same Tails session”, indicates the opinion of Tails.
The bugs were demonstrated by Manfred Paul during the 15th edition of the Pwn2Own hacking contest held in Vancouver last week, for which the researcher was awarded $100,000.
Additionally, the weaknesses do not break the anonymity and encryption protections built into the Tor browser, which means that Tails users who do not handle sensitive information can continue to use the web browser.
“This vulnerability will be fixed in Tails 5.1 (May 31), but our team does not have the ability to release an emergency release sooner,” the developers said.