Six days after releasing Tails 7.7, the team pushed out an emergency update to version 7.7.1 to patch several significant security vulnerabilities in Tor Browser’s underlying engine.

Tor Browser is built on Firefox ESR, and Mozilla had to issue an urgent patch for version 140.10.1 after discovering four vulnerabilities, one of which carries a critical severity rating.

What’s been patched

The most serious flaw involves memory handling defects in Firefox ESR 140.10.0. According to Mozilla, some of these issues showed clear signs of memory corruption and could potentially be exploited to execute arbitrary code on a system (CVE-2026-7322). A second cluster of similar bugs specific to the same version also carries a high-risk rating (CVE-2026-7323).

Two additional issues round out the picture: a high-impact vulnerability that could leak information through the audio/video component (CVE-2026-7320) and a sandbox escape via WebRTC with a moderate severity rating (CVE-2026-7321).

The Tails team notes no evidence of any of these vulnerabilities being actively exploited in the wild.

How to update

Automatic updates are available for anyone running Tails 7.0 or later. If you run into issues, manual updates are available by following instructions on the official site.

Beyond the security fixes, this release bumps Thunderbird to 140.10.0 and makes one structural change worth noting: ISO images no longer work if copied directly to a USB stick. They’re still available for DVD and virtual machines, but USB sticks require the dedicated USB image, which has been the recommended approach since 2019. The change aims to reduce confusion among users who ended up flashing the wrong format, resulting in systems without automatic updates or persistent storage support.