erinn's blog

New Firefox 17 and Tor alpha bundles

We have some test Tor Browser Bundles available for testing! They contain Firefox 17.0.2esr which we're planning to switch to in February. Just as a reminder: these are alpha bundles. We're still testing them ourselves but we want to get them out for wider circulation so we can find out about any dealbreaker bugs before moving Firefox 17 into the stable bundles. For the more sophisticated users out there, we'd love it if you could run Wireshark with the bundles and let us know if you see anything untoward.

Alpha Tor Browser Bundles can be downloaded here:

https://www.torproject.org/projects/torbrowser.html.en

All of the Tor packages have been updated with Tor 0.2.4.9-alpha as well.

https://www.torproject.org/download/download-easy

Tor Browser Bundle (2.4.9-alpha-1)

  • Update Firefox to 17.0.2esr
  • Update Tor to 0.2.4.9-alpha
  • Update Torbutton to 1.5.0pre-alpha
  • Update NoScript to 2.6.4.3
  • Update HTTPS-Everywhere to 4.0development.5
  • Add Mozilla's PDF.js extension to give people the ability to read PDFs in
    TBB
  • Prevent TBB from trying to access the X session manager (closes: #5261)
    • Firefox patch changes:
    • Isolate image cache to url bar domain (closes: #5742 and #6539)
    • Enable DOM storage and isolate it to url bar domain (closes: #6564)
    • Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
  • Misc preference changes:
    • Disable DOM performance timers (dom.enable_performance) (closes: #6204)
    • Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
    • Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
    • Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)

New Tor Browser Bundles and Tor 0.2.4.7-alpha packages available

All of the Tor Browser Bundles have been updated to Firefox 10.0.12esr in order to address the recent problems with TurkTrust certificates. From Mozilla's post:

TURKTRUST, a certificate authority in Mozilla’s root program, mis-issued two intermediate certificates to customers. TURKTRUST has scanned their certificate database and log files and confirmed that the mistake was made for only two certificates.

This is not a Firefox-specific issue. Nevertheless, we are concerned that at least one of the mis-issued intermediate certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. We are also concerned that the private keys for these certificates were not kept as secure as would be expected for intermediate certificates.

All users are strongly encouraged to upgrade.

There was also a new Tor 0.2.4.7-alpha release and all alpha packages have been updated with that.

A note about the Vidalia bundles:

The plain Vidalia bundles have been discontinued. We apologize for any confusion or inconvenience that this has caused for our users. In order to continue to use the Vidalia bundle as a client, download one of the available bundles, go into the Vidalia "Settings" menu and click "Run as a client only".

https://www.torproject.org/download/download-easy

Tor Browser Bundle (2.3.25-2)

  • Update Firefox to 10.0.12esr
  • Update Libevent to 2.0.21-stable
  • Update HTTPS Everywhere to 3.1.2
  • Update NoScript to 2.6.4.2

Tor Browser Bundle (2.4.7-alpha-1)

  • Update Firefox to 10.0.12esr
  • Update Tor to 0.2.4.7-alpha
  • Update Libevent to 2.0.21-stable
  • Update HTTPS Everywhere to 4.0development.4
  • Update NoScript to 2.6.4.2

New Tor Browser Packages with Tor 0.2.3 upgrade

After a year of testing, new tor browser bundles which include the new stable branch of Tor are now available. A full changelog is available for every operating system.

The Tor 0.2.3.x stable branch represents over a year of work on improvements to the core Tor technology behind Tor Browser.

Tor Browser is available for download at https://www.torproject.org/download/download-easy.html.en

Software updates included in this release are:

Tor Browser Bundle (2.3.25-1)

  • Update Tor to 0.2.3.25
  • Update Firefox 10.0.11esr
  • Update Vidalia to 0.2.21
  • Update NoScript to 2.6.2

New Tor Browser Bundles and alpha bundles

All of the Tor Browser Bundles have been updated with the latest Firefox 10.0.10esr release and all of the alpha packages, including the alpha Tor Browser Bundles, have been updated with the latest release of Tor 0.2.3.24-rc.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

Tor Browser Bundle (2.2.39-5)

  • Update Firefox to 10.0.10esr
  • Update NoScript to 2.5.9

Tor Browser Bundle (2.3.24-alpha-1)

  • Update Tor to 0.2.3.24-rc
  • Update Firefox to 10.0.10esr
  • Update NoScript to 2.5.9
  • Update HTTPS Everywhere to 4.0development.2

New Tor Browser Bundles and alpha bundles

The stable Tor Browser Bundles have been updated to fix a crash bug that existed in the previous version. If you were experiencing problems, please update and let us know if you have any further problems.

All alpha bundles have also been updated to Tor 0.2.3.23-rc. We've downgraded the Firefox version in the alpha Tor Browser Bundles to 10.0.9esr and will continue to keep the same version of Firefox in both bundles for the foreseeable future. In addition to that, the Linux and OS X versions have automatic port selection re-enabled, so those of you who were experiencing trouble running a concurrent system Tor on those systems should no longer have any issues.

All users who were using Tor 0.2.3.22-rc are strongly encouraged to upgrade.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

Tor Browser Bundle (2.2.39-4)

  • Update Firefox patches to prevent crashing (closes: #7128)
  • Update HTTPS Everywhere to 3.0.2
  • Update NoScript to 2.5.8

Tor Browser Bundle (2.3.23-alpha-1)

  • Update Tor to 0.2.3.23-rc
  • Update Firefox to 10.0.9esr
  • Update HTTPS Everywhere to 4.0development.1
  • Update NoScript to 2.5.8
  • Re-enable automatic Control and SOCKS port selection on Linux and OSX

New Tor Browser Bundles

All of the stable Tor Browser Bundles have been updated with the latest Firefox 10.0.9esr release.

https://www.torproject.org/download/download-easy.html.en

Further notes about Tor Browser Bundle updates:

Tor Browser Bundle (2.2.39-3)

  • Update Firefox to 10.0.9esr
  • Update Torbutton to 1.4.6.3
  • Update NoScript to 2.5.7
  • Update HTTPS Everywhere to 2.2.2
  • Update libpng to 1.5.13

New bundles (security release)

New Bundles (security release)

All of the available bundles of Tor have been updated for the latest stable Tor 0.2.2.39 release and the 0.2.3.22-rc release. These releases fix a remote crash bug found in Tor and all users and relays are STRONGLY encouraged to update immediately.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

The random port selection has been temporarily disabled in the Linux and Mac OS X alpha bundles. Most of you probably didn't notice any random port selection happpening at all, but if you encounter a problem running a system Tor and your Tor Browser Bundle at the same time, you can switch to the stable bundles for now. The next update should have a fix that allows us to re-enable automatic port selection.

Tor Browser Bundle (2.2.39-1)

  • Update Tor to 0.2.2.39
  • Update NoScript to 2.5.4

Tor Browser Bundle (2.3.22-alpha-1)

  • Update Tor to 0.2.3.22-rc
  • Temporarily use fixed Control and SOCKS ports as a workaround for #6803

New Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.07esr release.

https://www.torproject.org/download

Tor Browser Bundle (2.2.38-2)

  • Update Firefox to 10.0.7esr
  • Update Libevent to 2.0.20-stable
  • Update NoScript to 2.5.2
  • Update HTTPS Everywhere to 2.2.1
Syndicate content Syndicate content