Tor Browser 6.5a2-hardened is released
A new hardened Tor Browser release is available. It can be found in the 6.5a2-hardened distribution directory and on the download page for hardened builds.
This release features important security updates to Firefox.
In addition to the changes from Tor Browser 6.5a2, this releases integrates Selfrando. For more details about Selfrando integration in Tor Browser, see the Q and A with Georg Koppen and the Selfrando git repository.
Here is the full changelog since 6.5a1-hardened:
- All Platforms
- Update Firefox to 45.3.0esr
- Update Tor to tor-0.2.8.5-rc
- Update Torbutton to 1.9.6.1
- Bug 19689: Use proper parent window for plugin prompt
- Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
- Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
- Bug 19273: Improve external app launch handling and associated warnings
- Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
- Update HTTPS-Everywhere to 5.2.1
- Update NoScript to 2.9.0.12
- Bug 17406: Include Selfrando into our hardened builds
- Bug 19417: Disable asmjs for now
- Bug 19715: Disable the meek-google pluggable transport option
- Bug 19714: Remove mercurius4 obfs4 bridge
- Bug 19585: Fix regression test for keyboard layout fingerprinting
- Bug 19515: Tor Browser is crashing in graphics code
- Bug 18513: Favicon requests can bypass New Identity
- Bug 19273: Write C++ patch for external app launch handling
- Bug 16998: Isolate preconnect requests to URL bar domain
- Bug 18923: Add script to run all Tor Browser regression tests
- Bug 19478: Prevent millisecond resolution leaks in File API
- Bug 19401: Fix broken PDF download button
- Bug 19411: Don't show update icon if a partial update failed
- Bug 19400: Back out GCC bug workaround to avoid asmjs crash
- Bug 19735: Switch default search engine to DuckDuckGo
- Bug 19276: Disable Xrender due to possible performance regressions
- Bug 19725: Remove old updater files left on disk after upgrade to 6.x
- Build System
- All Platforms
- Bug 19703: Upgrade Go to 1.6.3
- All Platforms
Comments
Please note that the comment area below has been archived.
I get an 0xc0000022 error
I get an 0xc0000022 error and cannot open 6.0.3 or 65a2.
I was able to run 6.0.2.
What OS are you running?
What OS are you running?
win 7 home
win 7 home
https://answers.microsoft.com
https://answers.microsoft.com/en-us/windows/forum/windows_7-performance…
And this blog is about HARDENED!
I am not seeing a Windows
I am not seeing a Windows version. Are there no hardened builds for Windows?
Yes, there is currently no
Yes, there is currently no hardened builds for Windows.
what the hell is the point
what the hell is the point in that? Windows is gonna need it the most. Come on, put more work into this!
Hmmm I am no longer able to
Hmmm I am no longer able to open about:preferences
"The address isn't valid" appears.
Works fine for me. Do you
Works fine for me. Do you have more information on how to reproduce this?
When can we expect a Windows
When can we expect a Windows version?
Really hardened means no
Really hardened means no Windows!
They said they're thinking
They said they're thinking about making a windows hardened version too.
I think there is no plan for
I think there is no plan for this at the moment.
What's the status of ASan on
What's the status of ASan on Windows anyways? I find resources 2-4 years old talking about how the Windows port works decently but is a work in progress, but nothing more recent that definitively says it supports it.
The Tor Browser ( 6.0.2 )
The Tor Browser ( 6.0.2 ) keeps on crashing on MAC ox ( 10.11.6 ) i can't visit a site for more than 1 minutes before it crashes and have to restart , i recently updated to (6.0.3 ) im having the same problem
The Tor Browser ( 6.0.2 )
The Tor Browser ( 6.0.2 ) keeps on crashing on MAC ox ( 10.11.6 ) i can't visit a site for more than 1 minutes before it crashes and have to restart , i recently updated ( 6.0.3 ) but nothing change I'm having the same problem
Are 2 GB enough for the
Are 2 GB enough for the hardened version?
Obviously I meant ram, are 2
Obviously I meant ram, are 2 GB of ram enough for the hardened version?
You can run it but the more
You can run it but the more you have the better. Hardened version likes lots of memory.
The hardened version eats up
The hardened version eats up memory like popcorn. Give it a try but it really needs lots of memory to use comfortably.
when running javascript or
when running javascript or 10+ tabs sometimes it takes up 4+ gb
good
good
After updating from the
After updating from the previous version via the auto-updater, i could no longer load https websites.
http worked fine.
I had to do a manual download of the new verison.
Thanks for everything though, Tor helps keep us all safe online.
Why did you switch from
Why did you switch from DDG's onion service to their duckduckgo.com address?
It's not clear how reliable
It's not clear how reliable the onion one is. Apart from that we did not switch from the .onion one either (which you can still select) as we used Disonncect so far.
seemed like the only way to
seemed like the only way to use tor.
I have tested the hardened
I have tested the hardened version since it's inception.
I have had problem with "memory-leak" behavior were my 6GB RAM was
maxed out.
This version seems a little better although it eats a considerable amount of
RAM.
In Tor Browser 6.0.3 the
In Tor Browser 6.0.3
the Add-ons Manager says:
"no script could not be verified for use in tor browser"
Could you give us more
Could you give us more details? Does this happen with a fresh 6.0.3 downloaded from our website? Or after an update from a previous Tor Browser version? Which operating system are you using? How can I reproduce your problem?
Update from previous
Update from previous version, Win 8. Reinstalled noscript and no problems after
Hi, I'm using TorBrowser
Hi,
I'm using TorBrowser 6.0.3.
If I click on "New Identity" the middle and exit node change, however the entry node stays the same.
Is this behavior correct?
Greetings.
Yes, it is. This defends you
Yes, it is. This defends you against a bunch of possible attacks and is intended.
Thank you for your fast
Thank you for your fast response.
I was confused because I remembered someone stating that changing the complete node path regularly would be statistically more secure.
On start up I am getting
On start up I am getting message "Your Firefox is out of date. Please download a fresh copy."
I check for new Tor Browser updates but there are none.
I don't think I should click "Get Firefox" which my browser is suggesting.
Why is this?
This is due to a bug in
This is due to a bug in 6.0.3 which went unnoticed so far. Mozilla fixed the issue for us on the server-side to give us time getting a new version out. See the 6.0.3 blog update for details.
What is the difference
What is the difference between Tor 6.0.4 and 6.5a2 and 6.5a2 hardened?
Why has the option to turn
Why has the option to turn javascript on and off in the top left corner disappeared in the latest windows version of tor browser?! I can't even find a blog post about this or comments. What possible reason could there be to do this? This has just caused ongoing problems for the past 45 mins while I try to find an alternative way to do this. Why remove such a useful feature?! The only other option similar I can find is "disable add ons such as flash" - Well this is very unclear whether it has anything to do with java or not as the option was there in previous versions and seemed to have no effect on java. I cannot believe this option has been removed with no explanation and no obvious alternative way to turn this on and off...