Additionally, there is some fallout beyond the standard versions of Firefox and Thunderbird. Users of the anti-surveillance Tails operating system have been warned to stop using the bundled Tor Browser until a fix goes live, because it could potentially be vulnerable to CVE-2022-1802:
This vulnerability allows a malicious website to bypass some of the security built in Tor Browser and access information from other websites.
For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session.
This vulnerability doesn’t break the anonymity and encryption of Tor connections.
The fix for this Tails issue may not be seen until at least version 5.1. At the time of writing, the expected release date for this is May 31.
The two issues come with the following description:
Update now, if you haven’t already
Most installations of Thunderbird and Firefox will be set to update by default. If this is the case, you should already have the security fixes applied and you have nothing to worry about.
This isn’t the case for all installations, however. If you don’t have Firefox or Thunderbird set to update automatically, the fix won’t be present. As a result, you’ll need to manually apply the update.
In Firefox, navigate to Settings and then click General > Firefox Updates.
From here, select the most suitable option from Allow Firefox to:
- Automatically install updates
- Check for updates but let you choose to install them.
With both of these tasks accomplished, you should no longer be at risk from either CVE.
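Where Firefox is managed through an enterprise `policies.json` file instead of the Settings page, the same update choice can be audited from that file. The Python sketch below is an added example, not part of the original article: the policy keys it reads (`DisableAppUpdate`, `ManualAppUpdateOnly`, `AppAutoUpdate`, `AppUpdatePin`) are assumed from Mozilla's enterprise policy templates, and the sample documents are constructed.

```python
import json

# Policy keys are assumed from Mozilla's enterprise policy templates;
# the article itself only describes the Settings page.
def firefox_update_posture(policies_json):
    """Classify the update behaviour a policies.json document enforces."""
    try:
        doc = json.loads(policies_json)
    except json.JSONDecodeError:
        return {"mode": "unreadable", "findings": ["policies.json is not valid JSON"]}

    policies = doc.get("policies") if isinstance(doc, dict) else None
    if not isinstance(policies, dict):
        policies = {}

    findings = []
    if policies.get("DisableAppUpdate") is True:
        mode = "disabled"
        findings.append("updates are switched off; fixes must be deployed another way")
    elif policies.get("ManualAppUpdateOnly") is True:
        mode = "manual-only"
        findings.append("users are not notified; someone must trigger each update")
    elif policies.get("AppAutoUpdate") is True:
        mode = "automatic"        # matches "Automatically install updates"
    elif policies.get("AppAutoUpdate") is False:
        mode = "check-only"       # matches "Check for updates but let you choose"
        findings.append("an update is installed only after the user approves it")
    else:
        mode = "user-controlled"  # no policy set: the Settings page decides

    pin = policies.get("AppUpdatePin")
    if pin:
        findings.append(f"updates are capped at version prefix {pin!r}")
    return {"mode": mode, "findings": findings}


# Constructed sample documents, not taken from any real deployment.
SAMPLES = {
    "auto": '{"policies": {"AppAutoUpdate": true}}',
    "prompt": '{"policies": {"AppAutoUpdate": false}}',
    "off": '{"policies": {"DisableAppUpdate": true, "AppAutoUpdate": true}}',
    "pinned": '{"policies": {"AppAutoUpdate": true, "AppUpdatePin": "100."}}',
    "broken": '{"policies": ',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, firefox_update_posture(text))
```

Any result other than `automatic` with no findings means the security fixes will not arrive on their own and the machine needs the manual update described above.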
The post Firefox, Thunderbird, receive patches for critical security issues appeared first on Malwarebytes Labs.