Impact
When E2EE is turned on, an audio cue is played to let the user know E2EE has been activated.
This cue was also played on unsupported browsers such as Firefox when the client processed a presence stanza from another user indicating that the other user had turned E2EE on.
Users would hear "E2EE is ON" and be misled into thinking they were using E2EE when they were not.
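The failure mode described above, reduced to a small model and added here as an example; it is not Jitsi Meet's code or its actual fix. The handler names, the `e2eeSupported` flag and the presence objects are assumptions made for illustration.

```javascript
// Constructed model of the flaw class; not Jitsi Meet code. All names are hypothetical.

// Before: the cue fires on any remote presence that claims E2EE is on,
// regardless of whether this client can encrypt or decrypt media at all.
function onPresenceBefore(local, presence, playCue) {
    if (presence.e2eeEnabled) {
        playCue('E2EE_ON');
    }
}

// After: the cue is a statement about the local client, so it is gated on
// the local capability first; remote presence alone can never trigger it.
function onPresenceAfter(local, presence, playCue) {
    if (!local.e2eeSupported) {
        return;
    }
    if (presence.e2eeEnabled) {
        playCue('E2EE_ON');
    }
}

// Replay constructed presence updates through a handler and collect the cues
// a user on that client would hear.
function cuesHeard(handler, local, presences) {
    const heard = [];
    for (const p of presences) {
        handler(local, p, cue => heard.push(cue));
    }
    return heard;
}

// Constructed sample input: one remote participant toggles E2EE on.
const samplePresences = [
    { from: 'alice', e2eeEnabled: false },
    { from: 'alice', e2eeEnabled: true }
];
const unsupportedClient = { e2eeSupported: false }; // the unsupported-browser case in the advisory
const supportedClient = { e2eeSupported: true };

console.log('before, unsupported:', cuesHeard(onPresenceBefore, unsupportedClient, samplePresences));
console.log('after,  unsupported:', cuesHeard(onPresenceAfter, unsupportedClient, samplePresences));
console.log('after,  supported:  ', cuesHeard(onPresenceAfter, supportedClient, samplePresences));
```

The same replay works as a regression test: an unsupported client must produce an empty cue list for any sequence of remote presence updates.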
Patches
Fixed in version 2.0.7830.
Workarounds
None; upgrading is necessary.
Reported by
Robertas Maleckas (ETH Zurich), Prof. Kenny Paterson (ETH Zurich), Prof. Martin Albrecht (Royal Holloway, University of London)
For more information
https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2022-0001.md