New versions of Tails and Tor Browser fix numerous security issues

Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity.

Several security holes that affect Tails 1.2.3 are now fixed in Tails 1.3:

• Tor Browser and its bundled NSS: Mozilla Foundation Security Advisory 2015-11, Mozilla Foundation Security Advisory 2015-12,Mozilla Foundation Security Advisory 2015-16
• xdg-utils: Debian Security Advisory 3131, Debian Security Advisory 3165
• jasper: Debian Security Advisory 3138
• eglibc: Debian Security Advisory 3142, Debian Security Advisory 3169
• openjdk-7: Debian Security Advisory 3144
• unzip: Debian Security Advisory 3152
• krb5: Debian Security Advisory 3153
• ruby1.9.1: Debian Security Advisory 3157
• xorg-server: Debian Security Advisory 3160
• dbus: Debian Security Advisory 3161
• bind9: Debian Security Advisory 3162
• libreoffice: Debian Security Advisory 3163
• e2fsprogs: Debian Security Advisory 3166
• sudo: Debian Security Advisory 3167

The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.

Tor Browser 4.0.4 is based on Firefox ESR 31.5.0, which features important security updates to Firefox:

• Reading of local files through manipulation of form autocomplete
• Out-of-bounds read and write while rendering SVG content
• Use-after-free in IndexedDB
• Invoking Mozilla updater will load locally stored DLL files
• Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

Additionally, it contains updates to NoScript, HTTPS-Everywhere, and OpenSSL (none of the OpenSSL advisories since OpenSSL 1.0.1i have affected Tor, but the developers decided to update to the latest 1.0.1 release anyway).