Upgrade Electrum to version 3.0.4. Older versions have JSONRPC vulnerability to steal cryptocurrencies
Upgrade Electrum in Tails OS to version 3.0.4 as versions below it have a critical vunlerability pertaining to JSONRPC and the ability to steal user’s funds.
More info: https://github.com/spesmilo/electrum/issues/3374
Official readme with fix for Electrum 3.0.4:
https://github.com/spesmilo/electrum/blob/3.0.4/RELEASE-NOTES
“Fix a vulnerability caused by Cross-Origin Resource Sharing (CORS)
in the JSONRPC interface. Previous versions of Electrum are
vulnerable to port scanning and deanonimization attacks from
malicious websites. Wallets that are not password-protected are
vulnerable to theft.”
Related issues
- Is duplicate of #15022 (closed)
Original created by @dareaper on 15151 (Redmine)