Tor Browser 6.5a4-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a4-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.5-alpha, HTTPS-Everywhere to 5.2.7, and OpenSSL to 1.0.2j.

This release includes numerous bug fixes and improvements. Most notably we improved our Unix domain socket support by resolving all the issues that showed up in the previous alpha and by making sure all connections to tor (not only the control port related ones) are using this feature now.

Additionally, we fixed a lot of usability bugs, most notably those caused by our window resizing logic. We moved the relevant code out of Torbutton into a C++ patch which we hope to get upstreamed into Firefox. We improved the usability of our security slider as well by reducing the amount of security levels available and redesigning the custom mode.

Finally, we added a donation banner shown in some localized bundles starting on Nov 23 in order to point to our end-of-the-year 2016 donation campaign.

For those who want to know in which ways the alpha and the hardened series differ: check out the discussion we had on the tbb-dev mailing list a while back.

Update (11/16 2213UTC): We currently have problems with our auto-updater at least on Linux systems. The updates are downloaded but don't get applied for yet unknown reasons. We therefore have decided to disable the automatic updates until we understand the problem and provide a fix for it. Progress on that task can be tracked in ticket 20691 in our bug tracker. We are sorry for this inconvenience. Fresh bundles are available on our download page, though.

Update (11/18 0937UTC): We enabled the updates again with an information prompt. One of the following workarounds can be used to avoid the updater error:

  • in about:config, set app.update.staging.enabled to false before attempting to update
  • in about:config, set extensions.torlauncher.control_port_use_socket to false (disabling the control port Unix domain socket) and restart the browser before attempting to update

Here is the full changelog since 6.5a3-hardened:

  • All Platforms
    • Update Firefox to 45.5.0esr
    • Update Tor to tor-0.2.9.5-alpha
    • Update OpenSSL to 1.0.2j
    • Update Torbutton to 1.9.6.7
      • Bug 20414: Add donation banner on about:tor for 2016 campaign
      • Bug 20111: Use Unix domain sockets for SOCKS port by default
      • Bug 19459: Move resizing code to tor-browser.git
      • Bug 20264: Change security slider to 3 options
      • Bug 20347: Enhance security slider's custom mode
      • Bug 20123: Disable remote jar on all security levels
      • Bug 20244: Move privacy checkboxes to about:preferences#privacy
      • Bug 17546: Add tooltips to explain our privacy checkboxes
      • Bug 17904: Allow security settings dialog to resize
      • Bug 18093: Remove 'Restore Defaults' button
      • Bug 20373: Prevent redundant dialogs opening
      • Bug 20388+20399+20394: Code clean-up
      • Translation updates
    • Update Tor Launcher to 0.2.11.1
      • Bug 20111: Use Unix domain sockets for SOCKS port by default
      • Bug 20185: Avoid using Unix domain socket paths that are too long
      • Bug 20429: Do not open progress window if tor doesn't get started
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.7
    • Update meek to 0.25
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
    • Bug 20304: Support spaces and other special characters for SOCKS socket
    • Bug 20490: Fix assertion failure due to fix for bug 20304
    • Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
    • Bug 20442: Backport fix for local path disclosure after drag and drop
    • Bug 20160: Backport fix for broken MP3-playback
    • Bug 20043: Isolate SharedWorker script requests to first party
    • Bug 20123: Always block remote jar files
    • Bug 20244: Move privacy checkboxes to about:preferences#privacy
    • Bug 19838: Add dgoulet's bridge and add another one commented out
    • Bug 19481: Point the update URL to aus1.torproject.org
    • Bug 20296: Rotate ports again for default obfs4 bridges
    • Bug 20651: DuckDuckGo does not work with JavaScript disabled
    • Bug 20399+15852: Code clean-up
    • Bug 15953: Weird resizing dance on Tor Browser startup
  • Build System
    • All Platforms

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

what would be the main difference between the 'regular tor versus the 'hardened one?

See my blog post above: https://lists.torproject.org/pipermail/tbb-dev/2016-June/000382.html has the best "documentation" we have so far.

Is there no chance of enabling any of the hardening in stable builds?
Breaking Firefox's HTML renderer or Javascript interpretor is easier than finding a cryptographic break in the Tor protocol. I know that selfrand and the address sanitizer are a little inconvenient because they might make huge pages take one percent longer to render but didn't Benjamin Franklin say that sacrificing privacy for national security or convenience is bad?
Same with bandwidth/latency padding. Adding a few bytes/milliseconds at random might be a little inconvenient but living in dystopia really worth it just to avoid a few percent overhead?

Except the ASAN everything else can be used in stable builds. Now it's selfrando time.

Selfrando is meant to get included in the stable series at one point. I hope to get it squeezed into the next alpha, we'll see. All the other hardening techniques are more meant to help us notice bugs earlier to fix them in the stable series as fast as possible.

You probably want some effective sandboxing mechanism and we are working on those as well. We hope to have something ready for the next alpha release. And, yes, working on padding mechanisms in tor is ongoing and maybe something worthwhile will even make it into 0.3.0.

That is great news. Thank you all for your work and dedication towards protecting freedom and liberty. The world needs many more people like you.

XML ParseError in UpdateCheck and OptionMenu

Preferences not appear in russian version,
instead yellow page with error appears:

about:preferences

Ошибка синтаксического анализа XML: неопределённая сущность
Адрес: about:preferences
Строка 653, символ 7: ------^

Fresh clean install of your browser.
Please fix it.

Ugh, that's embarrassing. I've put it on our agenda for this month and it will be fixed in the next release, sorry. You can follow the development in https://trac.torproject.org/projects/tor/ticket/20707. Thanks for reporting and using an alpha version!

Thank you for your prompt reponses and engagement with the community at great risk to yourself. Please don't let the hatred of freedom and liberty get any of you down. Your work is greatly appreciated.

i can no longer use Tor Browser control port (9150) to tunnel for example curl.
it used to work but broke after updating the Browser.

What should i do?

protip: the usual port 9150 stops working after this update, to restore it

launch tor browser with this env TOR_SOCKS_PORT=9150

thanks to the wonderful people on #tor irc channel for this.

OpenSSL and hardened is an oxymoron

You can't be serious about security when you use OpenSSL instead of LibreSSL

Goto youtube and watch the :LibreSSL the first 30 days" video

现在中国可以直连Meek节点了, 谢谢!
now china can connect meek bridge, thanks!

I think this is the 3rd edition in a row of the hardened browser and the same problem exists. I'm running it on stable debian security at highest level, no scripts, no vid/img, plain html text pages and editing a comment box just like this one. The whole thing begins to almost freeze up, things get really slow and irresponsive. Task manager says that it is running out of memory, with one tab and nothing fancy. Meanwhile on the same system regular ff45.5 may have 20 tabs loaded with stuff without a hiccup and whole bunch of other things running. On the previous version I had taken your advise to move to a directory close to root (/tmp/torbrowser...) but no difference. TorBr. 6.0* has never had such a thing happen. I also run the same over VPN or without it, no difference. I only use standalone installations.

Any feedback on the issue would greatly be appreciated. Had I used hardened to edit this comment it would surely freeze-up before I would have gotten half-way through.

PS I've run tigershark on the system and it has not encountered anything funny.

Not an answer but... be very careful with executing anything in /tmp
It should really be mounted noexec.

Hi are you still producing the Piratebrowser? I like the feel of the firefox in that version.

We were never producing the Piratebrowser. It was a normal firefox with Tor glued to it, which means it left out all of the security and privacy features from Tor Browser:
https://www.torproject.org/projects/torbrowser/design/

So from our perspective, Piratebrowser has never been a wise thing to run.

That said, yay them for helping to raise the profile of privacy in the world.

Post new comment

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <em> <strong> <cite> <code> <ul> <ol> <li> <b> <i> <strike> <p> <br>

More information about formatting options

Syndicate content Syndicate content