Following the disclosure of a prototype pollution vulnerability, Tails is recommending that users stop using Tor Browser, which comes packaged with the privacy-focused operating system (OS).
Tor Browser is a fork of the open source Firefox web browser, which is where the major vulnerability, CVE-2022-1802, was discovered.
The makers of Tails, a Debian-based Linux system built for security and anonymity, urged users not to use Tor Browser when handling sensitive information, since the flaw might compromise whatever security it offers.
This advice applies at least until Tails 5.1, which is set to be released on May 31.
“This vulnerability allows a hostile website to overcome part of the protection implemented into Tor Browser and access information from other websites,” according to a Tails security alert.
“For example, after visiting a malicious website, an attacker managing that website may gain access to the password or other sensitive information that you later provide to other websites while using Tails.”
The issue does not compromise the anonymity and encryption of Tor connections, so using Tails to view websites is still secure and anonymous as long as you do not share important information with them.
Tails 5.0 includes Tor Browser 11.0.11, which contains the prototype pollution bug.
Users may use the standalone, fully updated version of the browser on Mac, Windows, or Linux while they wait for Tails 5.1, which will include the Tor Browser 11.0.13 security upgrade.
The Tails team stated, “This vulnerability will be resolved in Tails 5.1 (May 31); however, our team does not have the resources to produce an emergency release earlier.”
More information on the security problems revealed by researcher Manfred Paul may be found in a Mozilla security alert.
It also includes information on how to protect against the vulnerabilities in Firefox, Firefox ESR, Firefox for Android, and Thunderbird.