Commit 39211485 authored by sajolida's avatar sajolida
Browse files

Publish security advisory about sandbox escape

This second vulnerability might be harder to exploit without the first
one but its consequences could be as bad.
parent 2fed3083
......@@ -11,7 +11,11 @@ vulnerabilities|security/Numerous_security_holes_in_3.14]]. You should upgrade a
[[!toc levels=1]]
## Fixed arbitrary code execution in *Tor Browser*
# Critical security vulnerabilities in *Tor Browser*
## Fixed arbitrary code execution
**This vulnerability is fixed in Tails 3.14.1.**
A [critical vulnerability](
was discovered in the JavaScript engine of *Firefox* and *Tor Browser*.
......@@ -19,8 +23,8 @@ This vulnerability allowed a malicious website to execute arbitrary
code, which means possibly taking over your browser and turning it into
a malicious application.
The Firefox team has reported seeing this vulnerability being abused on
the Internet but has not disclosed further details.
This vulnerability has already been used to
[target employees of the Coinbase cryptocurrency exchange](
People using the *Safer* or *Safest* [[security level of *Tor
Browser*|doc/anonymous_internet/Tor_Browser#security_level]] are not
......@@ -33,15 +37,23 @@ Because *Tor Browser* in Tails is [[confined using
of this vulnerability in Tails is less than in other operating systems.
For example, an exploited *Tor Browser* in Tails could have accessed
your files in the *Tor Browser* and *Persistent/Tor Browser* folders but
not elsewhere in your persistent storage.
A second security vulnerability (a *sandbox escape*) has been revealed
on *Firefox* and *Tor Browser*. This second vulnerability could only be
used by other possible vulnerabilities in *Firefox* or *Tor Browser* as
a way to do more damage to the operating system. Because in Tails, *Tor
Browser* is already confined by *AppArmor*, we think that this second
vulnerability is not severe in Tails. That is why, we are releasing
3.14.1 today, without waiting for a fix for this second vulnerability.
not anywhere else.
## Unfixed sandbox escape
<div class="caution">
<p><strong>This second vulnerability is still affecting Tails 3.14.1 and
<em>Tor Browser</em> is unsafe to use in most cases.</strong></p>
<p>We will fix it as soon as possible.</p>
[[!inline pages="news/version_3.14.1/sandbox_escape.inline" raw="yes" sort="age"]]
We might update our analysis or announce an emergency release soon in
our [[security advisory|security/sandbox_escape_in_tor_browser]].
# Upgrades and changes
A security vulnerability was discovered in the sandboxing
mechanism of *Firefox* and *Tor Browser*. This vulnerability allows a
malicious website to bypass some of the confinement built in *Firefox*,
which means possibly spying on the content of other tabs and steal
the passwords of other websites.
After *Tor Browser* has been compromised, the only reliable solution is
to restart Tails.
Because *Tor Browser* in Tails is [[confined using
*AppArmor*|doc/anonymous_internet/Tor_Browser#confinement]], only the
data accessible to *Tor Browser* might be compromised but not the other
applications or your other files. For example, a compromised *Tor
Browser* might access your files in the *Tor Browser* and
*Persistent/Tor Browser* folders but not anywhere else.
For example, without restarting Tails:
- It is unsafe to:
- Log in to a website and also visit an untrusted website.
Your password on the first website might be stolen by the untrusted website.
- Visit an untrusted website if you have sensitive information stored
in your *Persistent/Tor Browser* folder. The untrusted website might
access these files.
- It is safe to:
- Visit untrusted websites, without logging in, if you have no
sensitive information stored in your *Tor Browser* and
*Persistent/Tor Browser* folders.
- Log in to several trusted websites without visiting any untrusted
[[!meta date="Thu, 20 Jun 2019 00:00:00 +0000"]]
[[!meta title="Critical security vulnerability in Tor Browser"]]
<div class="caution">
<p>Tor Browser in Tails 3.14.1 and earlier is unsafe to use in most cases.</p>
<p>We might update our analysis or announce an emergency release soon on
this page.</p>
[[!inline pages="news/version_3.14.1/sandbox_escape.inline" raw="yes" sort="age"]]
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment