Audit applications using WebKit ports in Tails
This blog post points out that the versions of WebKit bundled in popular Linux GUI libraries (QtWebKit and WebKitGTK) are often seriously behind in terms of receiving security fixes from upstream. It is good that Tails uses IceWeasel as the default browser, because it would be the most serious concern and fortunately it is not affected. However, there are a number of other applications that do use WebKitGTK, some of which may be included in Tails. Here’s an incomplete list from the blog post:
GIMP, Liferea (edited list to remove software that Tails doesn’t ship)
It would be good to audit Tails’ use of these programs (and any other programs that might use out-of-date WebKit) and evaluate whether this could lead to security vulnerabilities for Tails users.