Additionally, there is some fallout beyond the standard versions of Firefox and Thunderbird. Users of the anti-surveillance Tails Operating Systemhave been warned to stop using the bundled Tor browser until a fix goes live. This is because it could be potentially vulnerableto CVE-2022-1802:
This vulnerability allows a malicious website to bypass some of the security built in Tor Browser and access information from other websites.
For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session.
This vulnerability doesn't break the anonymity and encryption of Tor connections.
The fix for this Tails issue may not be seen until at least version 5.1. At time of writing, the expected release date for this is May 31.
The two issuescome with the following description:
Update now, if you haven't already
Most installations of Thunderbird and Firefox will be set to update by default. If this is the case, you should already have the security fixes applied and you have nothing to worry about.
This isn't the case for all installations, however. If you don'thave Firefox or Thunderbird set to update automatically, the fix won't be present. As a result, you'll need to manually apply the update.
In Firefox, navigate to Settingsand then click General> Firefox Updates.
From here, select the most suitable option from Allow Firefox to:
- Automatically install updates
- Check for updates but let you choose to install them.
The update process for Thunderbird is much the same as Firefox. By default, it's set to update manually, but you can select similar options to Firefox using the Advanced optionin the Updates tab.
With both of these tasks accomplished, you should no longer be at risk from either CVE.