Tor Browser 5.5.2 is released

Tor Browser 5.5.2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Users on the security level "High" or "Medium-High" were not affected by the bugs in the Graphite font rendering library.

The full changelog since 5.5.1 is:

Tor Browser 5.5.2 -- February 12 2016

  • All Platforms
    • Update Firefox to 38.6.1esr
    • Update NoScript to 2.9.0.3

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

thanx so much

Many thanks!

thank you guys. i love you all

Hmm, getting the error "The integrity of the update could not be verified" when I try to update. I'm on Qubes-Whonix. Tried getting a new identity, which didn't make any difference. The error shows up in 2 of my VM's, but doesn't in another. Any idea what's wrong?

Are they otherwise the same? Which locale are you using? 32 or 64bit?

Edit: And how do you update? Via the Tor Browser internal updater?

via Tor browser, LINUX ubuntu 14.4 64 bit
yes update via Tor browserinternal update automatically

Which locale does your Tor Browser have (do all three have the same?) and are you updating on all machines from the same Tor Browser version? Which one?

Another thing you could do is checking were exactly the issue is by setting `app.update.log` in your Tor Browser to `true` and open the browser console with Ctrl + Shift + J and looking at the log output.

(I'm the person you replied to.) Qubes-Whonix is 64-bit. I restarted Tor Browser, told it again to look for updates, and that fixed it. I'm not sure why restarting Tor Browser fixed it; I've never seen that behavior before. Sadly I don't have any debug output for you.

No worries, glad that it got resolved. I guess your downloads got corrupted somehow.

Speaking of integrity, how is it verified then? I'm a little worried about this auto-update feature in general. Any know attacks? Thanks.

As I am new and don't know, hereby a copy of a posting to help@rt.torproject.org:

5.5.1 (based on Mozilla Firefox 38.6.0)

https://thegreateststorynevertold.tv

Safe mode:

The proxy server is refusing connections

Firefox is configured to use a proxy server that is refusing connections.

Check the proxy settings to make sure that they are correct.
Contact your network administrator to make sure the proxy server is working.
-------------

After 30 minutes trying to figure solution: http://thegreateststorynevertold.tv/portfolio/part-8-pearl-harbor/ Screen changed to:

Forbidden

You don't have permission to access /portfolio/part-8-pearl-harbor/ on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at thegreateststorynevertold.tv Port 80

Or
I get: This request has been denied for security reasons. If you believe this was in error, please contact support.

Reference #18.37535d68.1455279193.d56bd48

------------------------------

Access Denied
You don't have permission to access "http://www.lufthansa.com/us/en/Homepage?" on this server.

----------------------------

I tried to do as secure as possible. Any advise?

These websites are blocking access over Tor. Because Tor's anonymity is sometimes abused, some website operators have chosen to deny access to Tor users.

changing the exit node made that error disappear, you probably just used an exitnode, someone abused before on that site

Firefox "Safe Mode" will disable networking in Tor Browser.

Try using proxy on Tor to unblock these sites.

مساء الخير ومشكورين على هالبرنامج

getting torbutton warn "no SOCKS credentials found for current document" in browser console. proxy setting: http/https without username/password. how to fix this?

I think this message is related to Torbutton not being able to find a domain against which to perform domain isolation for the purpose of showing the tor circuit graph.

It happens because Firefox's own UI uses several windows/documents that trigger Torbutton's algorithm. Examples: about:* pages, some of the Developer Tools sometimes*.

I believe such cases are harmless and you can disregard the warning.

(*) I have also seen this: "Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]"

Sorry, just sent you the log output without "setting `app.update.log` in your Tor Browser to `true`"
Where can I find: setting `app.update.log`?

My bad. You find it by entering `about:config` in your URL bar.

I should not forget to put it back to false??

[snip]

Does not matter much. You should be careful, though, when pasting things somewhere to omit your authentication cookies etc.

thanks guys!

Добавте русский язык

Это точно!!!

да русский язык не помешал бы...

Thanks! Quick question: Is there a reason "Medium-High" uses click-to-play HTML5 audio/video media? I can live with Medium-High for daily use but the HTML5 media click-to-play can be a bit annoying at times

HTML5 audio/video is a huge attack surface. Libraries like ffmpeg try to compete with Flash for the highest number of security bugs.

You have no clue what you're talking about
>Comparing open source to closed source
>Comparing single ffmpeg misconfiguration issue with giant attack surface of flash with hundreds of vulnerabilities
>Clearly don't understand how the tech works

Comparisons aside, his answer is correct: great increase in attack surface + bad vulnerability track record => great increase in de-anonymisation risk.

Thank you <3 + (A)

Hi ,

i have a problem with firefox, i see anything this message "The proxy server is refusing connections

Firefox is configured to use a proxy server that is refusing connections.

Check the proxy settings to make sure that they are correct.
Contact your network administrator to make sure the proxy server is working."

how i can make for have Tor , before i was download this version i never have problem,

thanks & thanks for your working

Maybe TorLauncher is not working?

A common reason for this error is a firewall running on the computer that is preventing connections between the browser and tor.

I cant change the resolution anymore :(

Thanks for a new release.

Why ever would anyone NOT use all maximum security settings?
Just curious...

Practicality, mostly. The maximum security setting does slow many websites down and it disables many web features. Some people (me for example) consider this too high of a price to pay.

people who just pretend to be naive.

thx ; update successed / no problem

NO ENTIENTO EL LEGUAJE PERO DOY LAS GRACIAS POR TENER LA OPURTUNIDAD DE CONTAR CON ESTE POGRAMA GRACIA A USTEDE QUE ME ANDADO AMI ESTA OPORTUNIDAD ES MUY BUENO Y COMPARTIBLE CON MI NAVEGADOR MOZILLA FIREFOX

nice one

Hello, should I be worried about this error? Tor Browser only.

addons.xpi WARN Download of https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suite-2.9.0.4-fx+fn+sm.xpi?filehash=sha256%3A94d036ff45116023bde97e6dee6c79daf2d28804764bfa8937f5d4d3463173f5 failed: Downloaded file hash (7c65095465f8abc7594dd20ad63e20de57fd68b015b016b3c03e0d5692eacb4e) did not match provided hash (94d036ff45116023bde97e6dee6c79daf2d28804764bfa8937f5d4d3463173f5)

Maybe it was just some corrupted download? Or maybe someone tampered with your (TLS) exit connection? Hard to tell. Keep an eye open, I suppose.

Hello,
I will try and make short... I downloaded Tor few days ago, left all settings as Tor has them, did all recommended things, no tool bar stuff, no plugins, and so on. Tor's been running just fine, I use it mainly for one site that I need to log in and change pages. Today 2-12-16 Tor did auto update (5.2.2), all was fine, restarted. So here is the problem.. After I log into that site just fine, after about 5 minutes and changing a few pages on that site, the site logs me out as if the IP address/Tor network disconnected briefly. This keeps happening even after I try different Tor Circuit or New Identity.
Any recommendations would be appreciated. ( will check back later for reply) Thank you.

The site is probably expiring your session when the exit IP changes, as a security measure. Try enabling TrackHostExits in your torrc file located within the tor browser directory. Add the line

TrackHostExits 1

ok

thank you

is it really safe to allow script in https as well as non https websites

gk pls advice and help

let's say it that way: it's less safe. In combination with flash you are definitely leaking your real ip (confirmed with wireshark).

Using Whonix would be a solution to this problem, however, you need to have faith in the guys behind it.

can i run it as guest?

thanks alot

There is a new bug in Tor Browser when the CloudFlare Captcha is encountered. One of the captchas requires the web site visitor to copy and past a string of code into a text box then press "verify" button, but the web page layout in this new version of Tor Browser will hide that button, which makes the verification not possible to proceed (this bug did not exist in earlier versions of Tor Browser). It is kind annoying since lots of websites demand this step to go further.

It sounds like you're confused about the CloudFlare bug where CloudFlare censors websites and requires many thousands of users to solve stupid captchas before allowing people to visit websites.

clodflare captchas never work for me, but...
try disabling stylesheet from the View menu. the button might become visible.

alternatively and much more cumbersom IMO,
menu-click near where the button had been, select "inspect element (Q)"
you might have to move around in the html code pane... until you can select the input button.
edit the style to make visible.

Cloudflare captchas actually started working for me around a week ago, with Javascript disabled. They show a bunch of pictures and say to pick out the street signs, for example. Then you have to copy & paste a code string over. This is the first time in something like a year where they are working for me. It's possible other sites continue to be broken, though.

Thanky you very much for your work!

TBB 5.5.2 version is released because of security updates. Will Tails follow suit or do users have to make do with the insecure Tails 2.0 for the time being?

https://tails.boum.org/news/version_2.0.1/index.en.html

Tails released an update yesterday, updating TB to 5.5.2

https://tails.boum.org/news/version_2.0.1/index.en.html

Danke funktioniert .

still wont go full screen when clicking the square

oop. Got no full-screen big since updating to 5.5.2 :(
any user prefs. in about:config trigger this? I've disabled canvas, additionally!

Setting the homepage to about:tor should help. We are working on this in https://bugs.torproject.org/16725.

thanks a lot

Thanky you very much

Thank's you have in nice cool browser is it really safe to allow script in https well good https websites.

Спасибо!

I'm still updating manually so I can verify the signature with gpg. I know the update server cert is pinned, but a compromise of that server could compromise the package. On the other hand, the tbb package is gpg signed on the developer's machine and would be immune to update server compromise, correct?

How much work would it be for the tbb developers to modify the auto updater to check the download against an embedded gpg signature?

It checks against an embedded signature. And Tor Browser refuses to apply the update if tha signature is wrong. So, even if the update server were compromised that's not enough to get our users to apply a compromised update.

You learn something new every day. Thanks!

Merci!

Thank you so much for all the work - every single day i use Tor and am thankful for it.

thanks you!

nice

thank you

anyone getting could not load xpcom when they boot up tor

Hi,

This new version added some new features which is useful. Keep up the good work. In fact it solved a problem. I was trying to download a file using Microsoft Edge browser but the URL was messed up by our local ISP. I used Tor browser and every thing worked fine.

salut

Can someone please tell me why 5.5.2 updates automatically?

Previously I was promoted to download the tar file and the signature to check with gpg.

Why the change? Shouldn't this have been announced? No everyone likes automatic downloads without knowing in advance!

Not sure what you mean but there have been no updater related changes in a while.

Did you happen to update to 5.5.2 from a really old version? I don't remember which version, but the auto updater was introduced quite a while ago. There is an about:config option to disable it, but I'm not sure if TorButton still blinks when a new tarball is available since the auto updater was enabled, so you would risk running an outdated version if you disable it.

thanks so much

veray nice

Danke !!!!

thank you

Thankfully because Tor Browser anti filter internet . this anti is great.

Hello bro!

how to change independently new circuit (TIME change)?
or auto change 3 minutes

The Tor configuration shipped with Tor Browser already changes circuit based on time (10 minutes IIRC). I would advice not changing it, but if you still want to do it read the tor manual page.

Cannot install latest Tor update. I attempt to install and I am given a error pop-up message from Windows 10 reporting I may have another copy of Firefox running.

Checked all processes and do not ever see more than the one instance running when I attempt the update. Tried several times and attempted the install later option but no luck.

Any thoughts.......

-----mikeD

For reasons unknown this morning when I started Tor per usual on Firefox the Tor update completed without reported error!

Changelog:
Tor Browser 5.5.2 -- February 12 2016
* All Platforms
* Update Firefox to 38.6.1esr
* Update NoScript to 2.9.0.3

Thanks and keep up the good work!

-----mikeD

After a fresh installation of torbrowser-install-5.5.2_en-US.exe in a new folder I get two pages at start in different tabs. The "Welcome" page and a page saying "Tor Browser has been updated".

What triggers this page with the update notification?
I would like to preclude the possibility of unknown changes after starting a new installation.

Hm... works for me. Does this happen every time you download a clean, fresh Tor Browser 5.5.2 and install it? Which Windows are you using?

The page gets loaded if the browser is detecting a new Tor Browser version after an update. (at least that's the idea)

I found transferring the pref.js with my settings from the previous installation results into the additional tab with the "Tor Browser has been updated" page.
This has not occurred on any previous installation up to Torbrowser 5.5 despite using the same pref.js.

thanks

thank you very much

great job guys and what about updates for Orfox for mobile i use my Android Phone more often 4 internet , i dont need it as much as others do but i have a crappy overheating computer currently when used too much

thank you very much for your work!

good nice one

thank you very much for your work!

I can't use Full page. It try to make but not working. Win10 Enterprise 32bit.

thanks and keep up the grate work with updates keeping us safe :)

Thanks for your continued efforts for our security and privacy !

I am the user of Tor Browser. It sometimes says that some other software is try to identify my computer. What should i do in this case. Will it be safe to go ahead or wait for the solution. Please advise.

Do you mean this notice?

Screenshot of the canvas warning.

Almost always, you can click "Not now" or "Never for this site". You only need to click "Allow in the future" for a few websites that require it.

The notice is Tor Browser's defense against canvas fingerprinting, which is a way to track web browsers by how they draw graphics. It is used a lot by web advertising companies.

How can i deactivate this window so everytime and for all websites it declines to extract html5 canvas image data?
Ty

That's not possible yet. We have a ticket for that in our bugtracker: https://bugs.torproject.org/18027

Process: firefox [625]
Path: /Applications/TorBrowser.app/Contents/MacOS/firefox
Identifier: org.mozilla.tor browser
Version: 5.5.2 (3800.1.1)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: firefox [625]
User ID: 501

Date/Time: 2016-02-16 15:25:17.054 +0300
OS Version: Mac OS X 10.11.3 (15D21)
Report Version: 11
Anonymous UUID: 2C9A98D3-FE93-2258-3E15-896AF08E8552

Sleep/Wake UUID: 5CF91AA6-7602-434B-B8CA-915A87EAC831

Time Awake Since Boot: 5800 seconds
Time Since Wake: 2700 seconds

System Integrity Protection: enabled

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000ab000000015
Exception Note: EXC_CORPSE_NOTIFY

VM Regions Near 0xab000000015:
mapped file 0000000125500000-000000012576a000 [ 2472K] rw-/rwx SM=COW
-->
STACK GUARD 0000700000000000-0000700000001000 [ 4K] ---/rwx SM=NUL stack guard for thread 1

Application Specific Information:
objc_msgSend() selector name: hash

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff95b7d4e9 objc_msgSend + 41
1 com.apple.Foundation 0x00007fff8ef2a4d8 -[NSConcreteMapTable objectForKey:] + 42
2 com.apple.UIFoundation 0x00007fff916a7809 +[__NSFontTypefaceInfo typefaceInfoForPostscriptName:options:] + 155
3 com.apple.UIFoundation 0x00007fff916ae56f __NSGetMetaFontInstance + 983
4 XUL 0x0000000102a7d425 0x1022d6000 + 8025125

Thread 1:
0 libsystem_kernel.dylib 0x00007fff980a36de __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fff993af729 _pthread_wqthread + 1283
2 libsystem_pthread.dylib 0x00007fff993ad365 start_wqthread + 13

Thread 2:: Dispatch queue: com.apple.libdispatch-manager
0 libsystem_kernel.dylib 0x00007fff980a3ff6 kevent_qos + 10
1 libdispatch.dylib 0x00007fff99af8099 _dispatch_mgr_invoke + 216
2 libdispatch.dylib 0x00007fff99af7d01 _dispatch_mgr_thread + 52

Thread 3:
0 libsystem_kernel.dylib 0x00007fff980a36de __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fff993af729 _pthread_wqthread + 1283
2 libsystem_pthread.dylib 0x00007fff993ad365 start_wqthread + 13

Thread 4:
0 libsystem_kernel.dylib 0x00007fff980a36de __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fff993af729 _pthread_wqthread + 1283
2 libsystem_pthread.dylib 0x00007fff993ad365 start_wqthread + 13

Thread 5:: Gecko_IOThread
0 libsystem_kernel.dylib 0x00007fff980a3fc6 kevent + 10
1 XUL 0x0000000102540bd1 0x1022d6000 + 2534353

Thread 6:: Socket Thread
0 libsystem_kernel.dylib 0x00007fff980a3176 __select + 10
1 libnss3.dylib 0x00000001021ec565 poll + 485

Thread 7:: Analysis Helper
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 8:: Analysis Helper
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 9:: Analysis Helper
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 10:: Analysis Helper
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 11:: Analysis Helper
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 12:: Analysis Helper
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 13:: Analysis Helper
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 14:: Analysis Helper
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 15:
0 libsystem_kernel.dylib 0x00007fff9809d386 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff9809c7c7 mach_msg + 55
2 XUL 0x0000000104462db0 0x1022d6000 + 35179952

Thread 16:: JS Watchdog
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 17:: Hang Monitor
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 18:
0 libsystem_kernel.dylib 0x00007fff980a36de __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fff993af729 _pthread_wqthread + 1283
2 libsystem_pthread.dylib 0x00007fff993ad365 start_wqthread + 13

Thread 19:
0 libsystem_kernel.dylib 0x00007fff980a36de __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fff993af729 _pthread_wqthread + 1283
2 libsystem_pthread.dylib 0x00007fff993ad365 start_wqthread + 13

Thread 20:: Timer
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff699 PR_WaitCondVar + 249

Thread 21:: Cache2 I/O
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 22:
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 23:: Cert Verify
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 24:: mozStorage #1
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 25:: Proxy R~olution
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 26:: SSL Cert #1
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ffd0f PR_Wait + 303

Thread 27:: RunProcess
0 libsystem_kernel.dylib 0x00007fff980a367e __wait4 + 10
1 XUL 0x00000001023621fe 0x1022d6000 + 573950

Thread 28:: IPDL Background
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 29:: ImageIO
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 30:: ImageDecoder #1
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ffd0f PR_Wait + 303

Thread 31:: Compositor
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 XUL 0x0000000102542aa8 0x1022d6000 + 2542248
3 ??? 0x8000000000000000 0 + 9223372036854775808

Thread 32:: ImageBridgeChild
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 XUL 0x0000000102542aa8 0x1022d6000 + 2542248
3 ??? 0x8000000000000000 0 + 9223372036854775808

Thread 33:: com.apple.NSEventThread
0 libsystem_kernel.dylib 0x00007fff9809d386 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff9809c7c7 mach_msg + 55
2 com.apple.CoreFoundation 0x00007fff8f6d7624 __CFRunLoopServiceMachPort + 212
3 com.apple.CoreFoundation 0x00007fff8f6d6aec __CFRunLoopRun + 1356
4 com.apple.CoreFoundation 0x00007fff8f6d6338 CFRunLoopRunSpecific + 296
5 com.apple.AppKit 0x00007fff8c586065 _NSEventThread + 149
6 libsystem_pthread.dylib 0x00007fff993afc13 _pthread_body + 131
7 libsystem_pthread.dylib 0x00007fff993afb90 _pthread_start + 168
8 libsystem_pthread.dylib 0x00007fff993ad375 thread_start + 13

Thread 34:: DOM Worker
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 35:
0 libsystem_kernel.dylib 0x00007fff9809d386 mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fff9809c7c7 mach_msg + 55
2 XUL 0x0000000104462295 0x1022d6000 + 35177109

Thread 36:: ImageDecoder #2
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ffd0f PR_Wait + 303

Thread 37:: ImageDecoder #3
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ffd0f PR_Wait + 303

Thread 38:: MediaManager
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 39:: StreamTrans #11
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ffd0f PR_Wait + 303

Thread 40:: Cache I/O
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 41:: mozStorage #2
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 42:: mozStorage #3
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 43:: localStorage DB
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ff607 PR_WaitCondVar + 103

Thread 44:: mozStorage #4
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 45:: SSL Cert #2
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767
2 libnss3.dylib 0x00000001021ffd0f PR_Wait + 303

Thread 46:: URL Classifier
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 47:: HTML5 Parser
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 48:: mozStorage #5
0 libsystem_kernel.dylib 0x00007fff980a2eb2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fff993b0150 _pthread_cond_wait + 767

Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000008 rbx: 0x000000010079a9a0 rcx: 0x0000000000000000 rdx: 0x00007fff5fbf4d80
rdi: 0x000000010079a9a0 rsi: 0x00007fff8fac806a rbp: 0x00007fff5fbf4d70 rsp: 0x00007fff5fbf4d28
r8: 0x0000000000000000 r9: 0x0000000000000000 r10: 0x00000ab000000015 r11: 0x0000000100000000
r12: 0x29004e90cd1b0173 r13: 0x000000010079a9a0 r14: 0x00007fff78a3e0b8 r15: 0x000000010bac4c70
rip: 0x00007fff95b7d4e9 rfl: 0x0000000000010202 cr2: 0x00000001160980ac

Logical CPU: 0
Error Code: 0x02000131
Trap Number: 133

EDIT (gk): Thanks the above should be enough for trying to track you issue down.

[snip]

Thanks. Is that reproducible? If so, how?

I've been unable to use obfs4 custom bridges since 5.5 and it still doesn't work. I used custom bridges when obfs3 was the default and used obfs3 custom but now with obfs4 it doesn't work anymore,I can't use obfs4 custom. Don't know why. I haven't change anything else in tor browser.

[WARN] Proxy Client: unable to connect to xxx.xxx.xxx.xx:xxxxxx ("general SOCKS server failure")

[WARN] Proxy Client: unable to connect to xxx.xxx.xxx.xx:xxxxxx ("general SOCKS server failure")

Your bridges might be down? I just tested it in a Tor Browser 5.5.2 on Linux with a custom obfs4 bridge and it works fine for me.

I've see this same bug with bridges that I know to be up and working. There's a Trac ticket on this.

I've received 7 obfs4 unlisted relays by BridgeDB in the last 2 months. Two of the relays always work, the other 5 never work.

ok

Wow! Interesting update.

Such a minor update...

deepweb?

*Important* question:
Is TAILS vulnerable?:

Remote Code Execution. DNS-Code (getaddrinfo)! glibc!
http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

glibc is patched on debian & ubuntu (slackware is not vulnerable) _ tail is vulnerable as o.s until the next release but , like it is a cd live , i think you can use it.

All speculation here, but I think stack smashing protection (SSP, a feature of GCC) would prevent the remote code execution vuln though not the denial of service. I cant imagine Tails is built without SSP.

thanks :D

thanks for your work

OK

It is creepy that a web server can log what text a users selects on a page for copying.
Tor Browser mitigates this with anonymity but I think dom.event.clipboardevents.enabled should be set to false by default.

Bangla font did not shown.

Danke!!!

Do not operate ONION sites. Upload, but give the error "Unable to Connect". Version - 5.5.2.

thanks so much

Most appreciable browser is this "TOR"

Хоть кто-то проделывает эту работу! Оромное спасибо! (сделаю внос как-только опредеделюсь,как...)

Thanks

Good

Мне нравится )

Thanks for the updates. Your hard work is much appreciated.

nice one

Thank you

OpenSSL 1.0.2g and 1.0.1s security releases due 1st Mar 2016

I've looked at the release notes for the new version, and it looks like Tor should be ok. (It will still be a good idea to upgrade, for your other applications, maybe.)

I know you're not supposed to add any addons... but what would be the risk of just using Tor + ublock origin?

cheers.

hello torproject,
The TAILS distributors will replace Vidalia in TAILS 2.2. Good, its unmaintained for years.
https://tails.boum.org/news/test_2.2-rc1/index.en.html

https://labs.riseup.net/code/issues/6841
BUT, there seems to be no substitute for
Settings -> Advanced -> 'Edit current torcc'.
With editing torcc you can set custom Guard Nodes.
Necessary/mandatory when you boot Tails with DVD.
Otherwise, you won't have normal Guard security like TBB.
This would be a big problem! Wouldn't ?

Without editing torcc for Guard Nodes, TAILS would be a REALLY big problem here)-:.
Please Help. It's important.

Thank a lot tor developers... Great upgrade..good job..

Icant save my passwords...help me plz

Recently I'm upgrade to Tor bundle 5.5.2 I want to write on my wordpress.com and wix.com websites using it As I see it It doesn't work at all. Even I can't post any single thing. While I use firefox+blackbeltprivacy or manually connect my firefox to torbundle by using socks 127.0.0.1 and port the tor port, it works. Now is it Firefox of Tor in question or is it tor routers who in glitch?

Bangla Font is not shown. Please provide solution.

[edit] leaving personal information out, gk

Could you give us an example URL that is broken for you?

Facebook no longer works in this new version. Can anyone attempt it?
I am using the .onion rather than .com URL.
Able to login but unable to view any pictures.

Can anyone answer me why in this update i cannot open .onion sites
and they all open with .cab from the proxy tor2web?I cannot access any hidden services and cant seem to configure it to use Tor directly without the proxy .cab? I remember this happening about 2 years ago with a previous update what are the solutions?

I can't find the shockwave plugg in is there any alternative add on?

I have seen that some videoes are not playing in my browser. it shows that " a plug in is required". how to download a plugin which plays video????

I want to play an online game which requires adobe flash player. I already unchecked the disable plugins. But I can't see any flash player plugin in the add-ons of tor. pls help me. i need flash player. i tried downloading but adobe download manager always stops working

I have had a warning about maximising the browser window and that I should keep it at the default size (can't remember the exact phrase, sorry) but what is the default size?

I keep it at 1200 x 600 as measured by both http://ip-check.info and https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html

Is this OK?
Please advise.
Thanks

There is no single default size as this would impact usability too much. Rather, we round to a multiple of 200x100. Thus, 1200x600 is fine.

Thanks for the info and for your continued valuable work.

Orbot on Android has a nice interface to let you interactively select which country a connection will exit from. Is there any chance you will implement a similar interface for Tor under Windows? It is a hassle to have to set TorExitNodes in the settings file.

There are no such plans. Actually, messing with your path selection is probably not a good idea for your anonymity.

It would be extremely useful to do what she is describing in the original question. For example, if you want to watch a Canadian video that is licensed to only be viewed to a Canadian license, then your exit node has to be Canadian for that.

And I agree with the comment that the current method based on setting Tor ExitNodes is extremely time consuming and cumbersome.

I would like to present my sincere THANKS to the TOR Team for the hard work and for the application new release. That shows that TOR people is awake, alert and working to provide to this browser the space in WEB that it deserves.

Congratulations and thank you all so much!

Jose R Bueno - S Paulo - Brazil

U need to fix plugin shockwawe
it can not start when i want to go on game and ask to uppgrade plugin
and wont start after uppgrading
please fix that i cant go on my games anymore...

Отличный браузер! В отдельных случаях очень выручает!

Syndicate content Syndicate content