Tails 7.8 Released: Critical Kernel Vulnerabilities Patched and Thunderbird Updated
Severity: High (Score: 70.5)
Sources: Heise.De, tails.net
Keywords: thunderbird, tails, version, anonymizing, linux, email, additional
Summary
The Tails operating system has released version 7.8, addressing multiple kernel vulnerabilities including CVE-2026-46300, which has a CVSS score of 7.8, indicating a high risk. The update also removes the Thunderbird email client from the base system, offering it only as an add-on to ensure users can maintain an up-to-date version. This change aims to mitigate security risks associated with outdated software versions included in previous Tails releases. The new version includes automatic updates for Thunderbird, enhancing user security. Users are advised to activate the 'Additional Software' and 'Thunderbird Email Client' functions in persistent storage to utilize this feature. The update also includes a patched sandbox escape vulnerability related to Flatpaks. The Tor Browser is updated to version 15.0.14, which addresses several security issues. Tails 7.8 is available for USB and DVD installations, allowing users to navigate the web anonymously.

Key Points:
- Tails 7.8 patches critical kernel vulnerabilities, including CVE-2026-46300.
- Thunderbird is now an optional add-on to improve security and update frequency.
- Users must enable specific functions in persistent storage to access the new Thunderbird version.
Detailed Analysis
**Impact**
Users of the Tails anonymizing Linux distribution are affected, particularly those relying on the built-in Thunderbird email client and kernel security. The vulnerabilities could allow privilege escalation leading to full system compromise and potential deanonymization. This impacts privacy-focused individuals globally, including activists, journalists, and others requiring secure, anonymous communications. The scope includes all Tails installations prior to version 7.8, with no specific sector or geographic limitations provided.

**Technical Details**
Tails 7.8 patches multiple Linux kernel vulnerabilities, including CVE-2026-46300 (Fragnesia, CVSS 7.8), and fixes a sandbox escape vulnerability in Flatpak’s Yelp application. The DirtyFrag privilege escalation vulnerability was addressed in the prior emergency update 7.7.3. Thunderbird is now offered only as an add-on to allow timely security updates aligned with Debian releases, mitigating risks from outdated email client versions. The Tor Browser is updated to version 15.0.14, based on Firefox ESR 140.11, closing several security flaws. No specific IOCs or attacker infrastructure details are provided.

**Recommended Response**
Users should upgrade to Tails 7.8 immediately, enabling the Persistent Storage features “Additional Software” and “Thunderbird Email Client” to maintain updated email client security. If automatic upgrades fail, manual upgrades following official instructions must be performed. Defenders should monitor for exploitation attempts targeting kernel vulnerabilities and sandbox escapes in Flatpak applications. No additional detection signatures or IOCs are available from the provided information.
Source articles (2)
- Version 7.8 — tails.net · 2026-05-21
If you have both the Thunderbird Email Client and Additional Software features of the Persistent Storage turned on, Tails automatically adds Thunderbird to your list of additional software. A new ver…
- Anonymizing Linux: Tails 7.8 makes Thunderbird an add-on — Heise.De · 2026-05-21
The anonymizing Linux distribution Tails closes the recently discovered kernel vulnerabilities in its new version 7.8. Furthermore, it removes Thunderbird from the base and now offers the email progra…
Timeline
- 2026-05-21 — Tails 7.8 released: Tails 7.8 addresses multiple kernel vulnerabilities and updates Thunderbird as an add-on to enhance security.
- 2026-05-21 — CVE-2026-46300 disclosed: CVE-2026-46300 is identified as a high-risk kernel vulnerability with a CVSS score of 7.8, affecting Tails.
- Recent — Thunderbird migration feature introduced: A new dialog called 'Thunderbird Migration' is included to simplify the transition for users.
Related entities
- CWE-269 - Improper Privilege Management (Cwe)
- firefox.as (Domain)
- german.it (Domain)
- T1068 - Exploitation for Privilege Escalation (Mitre Attack)
- Linux (Platform)
- DirtyFrag (Vulnerability)
- Fragnesia (Vulnerability)