JSONRPC vulnerability in Electrum 2.6 to 3.0.4

On January 6th, a vulnerability was disclosed in the Electrum wallet software, that allows malicious websites to execute wallet commands through JSONRPC executed in a web browser. The bug affects versions 2.6 to 3.0.4 of Electrum, on all platforms. It also affects clones of Electrum such as Electron Cash.

Tails users in my opinion must be forced to upgrade Electrum by rolling out a new build and this must be done urgently since the vulnerability is very serious!

For more information about the vulnerability please visit:
https://github.com/spesmilo/electrum-docs/blob/master/cve.rst or https://electrum.org

Related issues

Is duplicate of #15022 (closed)

Original created by @humanrightsdefender on 15207 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information