Tails developers have warned users to stop using the Debian-based portable Linux distribution until the next release if they enter or access sensitive information using the bundled Tor Browser application.
Tails (short for The Amnesic Incognito Live System) is a Linux distribution focused on protecting the anonymity of users (e.g. activists and journalists) and helping them circumvent censorship by forcing all connections to and from the Internet through the Tor network.
“We recommend that you stop using Tails until the release of version 5.1 (May 31) if you use the Tor browser for sensitive information (passwords, private messages, personal information, etc.)”, warned the Tails developers.
Although bugs have already been fixed upstream, the developers cannot provide fixes for any of the included applications until the next release, since Tails is a live Linux distribution.
The vulnerabilities allow attackers to access information from other websites visited using the Tor Browser if successfully exploited.
“For example, after visiting a malicious website, an attacker controlling that website can gain access to the password or other sensitive information that you then send to other websites during the same Tails session”, adds the Tails review.
Tails still safe for some users
Additionally, Tails users who do not use or access sensitive information through the Tor Browser can still use it safely because security vulnerabilities do not break the encryption and anonymity of Tor connections.
“Mozilla is already aware of websites exploiting this vulnerability. This vulnerability will be patched in Tails 5.1 (May 31), but our team does not have the ability to release an emergency release sooner,” the Tails team warned. .