Vulnerabilities impacting Debian and Thunderbird fixed in latest update
Released yesterday (June 30), version 4.8 of Tails addresses a number of security holes in the underlying Debian operating system, including a flaw in the GnuTLS library that resulted in the creation of insecure session keys.
The latest Tails release has also remedied multiple vulnerabilities in Thunderbird, which comes bundled with the OS.
As outlined in an advisory from Mozilla, the email client vulnerabilities are all classed as ‘high impact’, and include an NSS library flaw that could force DSA signatures to leak private keys.
Aside from addressing these known security vulnerabilities, the latest Tails update also includes a number of new features.
The ‘Unsafe Browser’ mode has been disabled by default, after it was revealed that an attacker could leverage a security vulnerability in Thunderbird to spin up a browser session and deanonymize users.
“Such an attack is very unlikely but could be performed by a strong attacker, such as a government or a hacking firm,” the advisory states.
Tails developers recommend that privacy-conscious users should only enable the Unsafe Browser if they need to log into a captive portal.