This release is an emergency release to fix a critical security vulnerability in Tor Browser.

It also fixes other security vulnerabilities. You should upgrade as soon as possible.

Critical security vulnerabilities in Tor Browser

Fixed arbitrary code execution

This vulnerability is fixed in Tails 3.14.1.

A critical vulnerability was discovered in the JavaScript engine of Firefox and Tor Browser. This vulnerability allowed a malicious website to execute arbitrary code, which means possibly taking over your browser and turning it into a malicious application.

This vulnerability has already been used to target employees of the Coinbase cryptocurrency exchange.

People using the Safer or Safest security level of Tor Browser are not affected because the feature of JavaScript that is affected (the just-in-time compilation) is disabled in these security levels.

Because Tor Browser in Tails is confined using AppArmor, the impact of this vulnerability in Tails is less than in other operating systems. For example, an exploited Tor Browser in Tails could have accessed your files in the Tor Browser and Persistent/Tor Browser folders but not anywhere else.

Unfixed sandbox escape

This second vulnerability is still affecting Tails 3.14.1 and Tor Browser is unsafe to use in most cases.

We will fix it as soon as possible.

A security vulnerability was discovered in the sandboxing mechanism of Firefox and Tor Browser. This vulnerability allows a malicious website to bypass some of the confinement built in Firefox, which means possibly spying on the content of other tabs and steal the passwords of other websites.

After Tor Browser has been compromised, the only reliable solution is to restart Tails.

Because Tor Browser in Tails is confined using AppArmor, only the data accessible to Tor Browser might be compromised but not the other applications or your other files. For example, a compromised Tor Browser might access your files in the Tor Browser and Persistent/Tor Browser folders but not anywhere else.

For example, without restarting Tails:

  • It is unsafe to:

    • Log in to a website and also visit an untrusted website. Your password on the first website might be stolen by the untrusted website.

    • Visit an untrusted website if you have sensitive information stored in your Persistent/Tor Browser folder. The untrusted website might access these files.

  • It is safe to:

    • Visit untrusted websites, without logging in, if you have no sensitive information stored in your Tor Browser and Persistent/Tor Browser folders.

    • Log in to several trusted websites without visiting any untrusted websites.

We might update our analysis or announce an emergency release soon in our security advisory.

Upgrades and changes

  • Update Tor Browser to 8.5.2.

  • Update Tor to 0.4.0.5.

  • Upgrade Thunderbird to 60.7.0.

For more details, read our changelog.

Known issues

Tails fails to start a second time on some computers (#16389)

On some computers, after installing Tails to a USB stick, Tails starts a first time but fails to start a second time. In some cases, only BIOS (Legacy) was affected and the USB stick was not listed in the Boot Menu.

We partially fix this issue in 3.14.1 but are still investigating it, so if it happens to you, please report your findings by email to tails-testers@boum.org. Mention the model of the computer and the USB stick. This mailing list is archived publicly.

To fix this issue:

  1. Reinstall your USB stick using the same installation method.

  2. Start Tails for the first time and set up an administration password.

  3. Choose Applications ▸ System Tools ▸ Root Terminal to open a Root Terminal.

  4. Execute the following command:

    sgdisk --recompute-chs /dev/bilibop

You can also test an experimental image:

  1. Download the .img file from our development server.

  2. Install it using the same installation methods.

    We don't provide any OpenPGP signature or other verification technique for this test image. Please only use it for testing.

See the list of long-standing issues.

Get Tails 3.14.1

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from 3.13, 3.13.1, 3.13.2, and 3.14 to 3.14.1.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails on a new USB stick

Follow our installation instructions:

All the data on this USB stick will be lost.

To download only

If you don't need installation or upgrade instructions, you can directly download Tails 3.14.1:

What's coming up?

Tails 3.15 is scheduled for July 9.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!