PSA: Serious Security Vulnerability in Tor Browser

Mozilla Firefox

UPDATE: Tails version 5.1 has been released. Upgrade now.

Tor Browser in Tails 5.0 and earlier is unsafe to use for sensitive information.  From the Tails website:

We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.).

A security vulnerability was discovered in the JavaScript engine of Firefox and Tor Browser. See the Mozilla Foundation Security Advisory 2022-19n

This vulnerability allows a malicious website to bypass some of the security built in Tor Browser and access information from other websites.

For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session.

This vulnerability doesn’t break the anonymity and encryption of Tor connections.

Link: Security Bulletin issued by Tails

Photo by Rubaitul Azad


Tell Us What You Think