Tor Browser 3.5.4 is Released
This release updates only OpenSSL to version 1.0.1g, to address potential client-side vectors for CVE-2014-0160.
The browser itself does not use OpenSSL, and is not vulnerable to this CVE. However, this release is still considered an important security update, because it is theoretically possible to extract sensitive information from the Tor client sub-process.
Here is the changelog:
- All Platforms
- Update OpenSSL to 1.0.1g