Serious security vulnerability in Tails 5.0 due to security vulnerability in the JavaScript engine of Firefox and Tor Browser.

how it is affecting Tails:

This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn't have the capacity to publish an emergency release earlier.

A warning about this security vulnerability is displayed during system start.
By that we make sure all Tails user are well informed.

Other applications in Tails are not vulnerable. Thunderbird in Tails is not vulnerable because is disabled.

The Safest security level of Tor Browser is not affected because JavaScript is disabled at this security level.

@tails I would like to contribute, thanks for sharing the link!!

@tails is this the official Tails account? I like to interview people from the tech/privacy field for my blog

no, not an official account.
The corresponding ticket about it is here:

Should I ask someone from the dev team if they like to have an interview with you?
Otherwise you could also reach them very well through the following email list:

"We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.)."


Tails 5.1 will probaby be released on Sunday, if the patched #Tor Browser tarballs become available tomorrow.

Source: #Tails dev mailing list today.

@chpietsch oh, good to know, I am eagerly awaiting the TAILS update.

I think there's a separate issue going on with network health that's related to the recent Tor Browser release that enables congestion control, it's shifting traffic around and things are SLOW right now. I have at least 1 friend who uses Tor a lot who's also noticed.

but I'm also not 100% convinced it's not just some weird problem with the router I just swapped in a couple weeks ago, its firmware is a bit creaky.

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.