firefox updates

Firefox 17.0.10esr has been released with several security fixes and all of the Tor Browser Bundles have been updated. All users are encouraged to upgrade.

https://www.torproject.org/projects/torbrowser.html.en#downloads

Tor Browser Bundle (2.3.25-14)

• Update Firefox to 17.0.10esr
  https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
• Update LibPNG to 1.6.6
• Update NoScript to 2.6.8.4
• Update HTTPS-Everywhere to 3.4.2
• Firefox patch changes:
• Hide infobar for missing plugins. (closes: #9012)
• Change the default entry page for the addons tab to the installed addons page. (closes: #8364)
• Make flash objects really be click-to-play if flash is enabled. (closes: #9867)
• Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API. (closes: #3661)
• Remove polipo and privoxy from the banned ports list. (closes: #3661)
• misc: Fix a potential memory leak in the Image Cache isolation
• misc: Fix a potential crash if OS theme information is ever absent

Tor Browser Bundle (2.4.17-rc-1)

• Update Firefox to 17.0.10esr
  https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
• Update LibPNG to 1.6.6
• Update NoScript to 2.6.8.4
• Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this becoming the stable bundle
• Firefox patch changes:
• Hide infobar for missing plugins. (closes: #9012)
• Change the default entry page for the addons tab to the installed addons page. (closes: #8364)
• Make flash objects really be click-to-play if flash is enabled. (closes: #9867)
• Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API. (closes: #3661)
• Remove polipo and privoxy from the banned ports list. (closes: #3661)
• misc: Fix a potential memory leak in the Image Cache isolation
• misc: Fix a potential crash if OS theme information is ever absent

The stable and beta Tor Browser Bundles have been updated with Firefox 17.0.9esr. This release of Firefox has many important security updates and all users are strongly encouraged to upgrade.

The beta version includes an updated HTTPS Everywhere which fixes the problems many users were having with the google.com OCSP meltdown.

https://www.torproject.org/projects/torbrowser.html.en#downloads

Tor Browser Bundle (2.3.25-13)

• Update Firefox to 17.0.9esr
  https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
• Update HTTPS Everywhere to 3.4.1
• Update NoScript to 2.6.7.1
• Remove extraneous libevent libraries (closes: #9727)
• Enable GCC hardening for Tor
• Firefox patch changes:
• - Disable filtered results in Startpage omnibox (closes: #8839)

Tor Browser Bundle (2.4.17-beta-2)

• Update Firefox to 17.0.9esr
  https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
• Update LibPNG to 1.6.3
• Update HTTPS Everywhere to 4.0development.12
• Update NoScript to 2.6.7.1
• Remove extraneous libevent libraries (closes: #9727)
• Enable GCC hardening for Tor
• Firefox patch changes:
• - Disable filtered results in Startpage omnibox (closes: #8839)
• Add missing geoip file to Linux bundle

(entry missing from regular changelog)

There is a new Firefox 17.0.6esr out and all of the Tor Browser Bundles (stable and alpha branches) have been updated. The new stable TBBs have a lot of new and updated Firefox patches, so those of you who were experiencing crashes should no longer be seeing that behavior. Please let us know if you do by opening a ticket with details.

The stable Tor Browser Bundles are available at their normal location.

The alpha Tor Browser Bundles are available here.

Tor Browser Bundle (2.3.25-8)

• Update Firefox to 17.0.6esr
• Update HTTPS Everywhere to 3.2
• Update Torbutton to 1.5.2
• Update libpng to 1.5.15
• Update NoScript to 2.6.6.1
• Firefox patch changes:
• Apply font limits to @font-face local() fonts and disable fallback
  rendering for @font-face. (closes: #8455)
• Use Optimistic Data SOCKS handshake (improves page load performance).
  (closes: #3875)
• Honor the Windows theme for inverse text colors (without leaking those
  colors to content). (closes: #7920)
• Increase pipeline randomization and try harder to batch pipelined
  requests together. (closes: #8470)
• Fix an image cache isolation domain key misusage. May fix several image
  cache related crash bugs with New Identity, exit, and certain websites.
  (closes: #8628)
• Torbutton changes:
• Allow session restore if the user allows disk actvity (closes: #8457)
• Remove the Display Settings panel and associated locales (closes: #8301)
• Fix "Transparent Torification" option. (closes: #6566)
• Fix a hang on New Identity. (closes: #8642)
• Build changes:
• Fetch our source deps from an https mirror (closes: #8286)
• Create watch scripts for syncing mirror sources and monitoring mirror
  integrity (closes: #8338)

Tor Browser Bundle (2.4.12-alpha-2)

• Update Firefox to 17.0.6esr
• Update NoScript to 2.6.6.1

We have some test Tor Browser Bundles available for testing! They contain Firefox 17.0.2esr which we're planning to switch to in February. Just as a reminder: these are alpha bundles. We're still testing them ourselves but we want to get them out for wider circulation so we can find out about any dealbreaker bugs before moving Firefox 17 into the stable bundles. For the more sophisticated users out there, we'd love it if you could run Wireshark with the bundles and let us know if you see anything untoward.

Alpha Tor Browser Bundles can be downloaded here:

https://www.torproject.org/projects/torbrowser.html.en

All of the Tor packages have been updated with Tor 0.2.4.9-alpha as well.

https://www.torproject.org/download/download-easy

Tor Browser Bundle (2.4.9-alpha-1)

• Update Firefox to 17.0.2esr
• Update Tor to 0.2.4.9-alpha
• Update Torbutton to 1.5.0pre-alpha
• Update NoScript to 2.6.4.3
• Update HTTPS-Everywhere to 4.0development.5
• Add Mozilla's PDF.js extension to give people the ability to read PDFs in
  TBB
• Prevent TBB from trying to access the X session manager (closes: #5261)
• Firefox patch changes:
• Isolate image cache to url bar domain (closes: #5742 and #6539)
• Enable DOM storage and isolate it to url bar domain (closes: #6564)
• Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
• Misc preference changes:
• Disable DOM performance timers (dom.enable_performance) (closes: #6204)
• Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
• Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
• Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)

After a year of testing, new tor browser bundles which include the new stable branch of Tor are now available. A full changelog is available for every operating system.

The Tor 0.2.3.x stable branch represents over a year of work on improvements to the core Tor technology behind Tor Browser.

Tor Browser is available for download at https://www.torproject.org/download/download-easy.html.en

Software updates included in this release are:

Tor Browser Bundle (2.3.25-1)

• Update Tor to 0.2.3.25
• Update Firefox 10.0.11esr
• Update Vidalia to 0.2.21
• Update NoScript to 2.6.2

All of the Tor Browser Bundles have been updated with the latest Firefox 10.0.10esr release and all of the alpha packages, including the alpha Tor Browser Bundles, have been updated with the latest release of Tor 0.2.3.24-rc.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

Tor Browser Bundle (2.2.39-5)

• Update Firefox to 10.0.10esr
• Update NoScript to 2.5.9

Tor Browser Bundle (2.3.24-alpha-1)

• Update Tor to 0.2.3.24-rc
• Update Firefox to 10.0.10esr
• Update NoScript to 2.5.9
• Update HTTPS Everywhere to 4.0development.2

The stable Tor Browser Bundles have been updated to fix a crash bug that existed in the previous version. If you were experiencing problems, please update and let us know if you have any further problems.

All alpha bundles have also been updated to Tor 0.2.3.23-rc. We've downgraded the Firefox version in the alpha Tor Browser Bundles to 10.0.9esr and will continue to keep the same version of Firefox in both bundles for the foreseeable future. In addition to that, the Linux and OS X versions have automatic port selection re-enabled, so those of you who were experiencing trouble running a concurrent system Tor on those systems should no longer have any issues.

All users who were using Tor 0.2.3.22-rc are strongly encouraged to upgrade.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

Tor Browser Bundle (2.2.39-4)

• Update Firefox patches to prevent crashing (closes: #7128)
• Update HTTPS Everywhere to 3.0.2
• Update NoScript to 2.5.8

Tor Browser Bundle (2.3.23-alpha-1)

• Update Tor to 0.2.3.23-rc
• Update Firefox to 10.0.9esr
• Update HTTPS Everywhere to 4.0development.1
• Update NoScript to 2.5.8
• Re-enable automatic Control and SOCKS port selection on Linux and OSX

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.07esr release.

https://www.torproject.org/download

Tor Browser Bundle (2.2.38-2)

• Update Firefox to 10.0.7esr
• Update Libevent to 2.0.20-stable
• Update NoScript to 2.5.2
• Update HTTPS Everywhere to 2.2.1

The Tor Browser Bundles have all been updated to the latest Firefox 12.0 as well as a number of other software updates, bugfixes, and new features. We've rebranded Firefox so it should now be more easy to distinguish between it and your normal Firefox. We've also added Korean and Vietnamese to the available languages.

UPDATE: The Mac OS X 64-bit bundles had a minor Vidalia problem that prevented TorBrowser from being launched. They have been updated to 2.2.35-9.1 and are now available on the website.

https://www.torproject.org/download

Tor Browser Bundle (2.2.35-9)

• Update Firefox to 12.0
• Update OpenSSL to 1.0.1b
• Update Libevent to 2.0.18-stable
• Update Qt to 4.8.1
• Update Libpng to 1.5.10
• Update HTTPS Everywhere to 2.0.2
• Update NoScript to 2.3.9
• Rebrand Firefox to TorBrowser (closes: #2176)
• New Firefox patches
• Make Download Manager memory-only (closes: #4017)
• Add DuckDuckGo and Startpage to Omnibox (closes: #4902)
• Add Steven Michaud's OS X crash fix patch. It doesn't fix #5021 but will hopefully help us debug further. See also:
  https://bugzilla.mozilla.org/show_bug.cgi?id=715885#c35
• Make the 32-bit Tor Browser Bundle compatible with OS X 10.5

The Tor Browser Bundles for Linux have all been updated to really include the latest Firefox, 10.0.2.

https://www.torproject.org/download

Tor Browser Bundle for Linux (2.2.35-7.2)

• Really update Firefox to 10.0.2
• Update libpng to 1.5.9

Please note that this time around, I made and signed the bundles as Erinn is travelling. I hope all the previous issues have been fixed, and would like to apologize for taking so long to get updated Linux bundles out. Please report any issues you find on our bugtracker.

You can find my gpg key's fingerprint on the signing keys page.