The developers of the Tails Linux distribution have warned its users not to use Tails 5.0 with their sensitive information. Currently, there are two bugs affecting the Firefox JavaScript engine, which can be tracked as CVE-2022-1802 and CVE-2022-1529; those bugs allow attackers to access sensitive information such as passwords from the websites the user visited by Tor Browser.
The patch requires a new release
The issues will be fixed with the new Tails release, which is scheduled for 31st of May
Those bugs were discovered during the first day of the Pwn2Own 2022 Vancouver hacking event and have been immediately patched. However, Tails developers can’t deliver those patches for included apps until the next release. Therefore, the developers of Tail Linux will release Tails 5.1 31st of May which will fix this issue.
According to the developers, those bugs do not affect the Tor Browser users that prefer the Safest security level since JavaScript is disabled on this option. If you are not entering any sensitive information into Tor Browser, you are still safe; those vulnerabilities do not affect the usual encryption or anonymity of Tor connections.