New Tor Browser Bundles (security release)

The Tor Browser Bundles have been updated with a very important security fix. As explained in the previous blog post, a user discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This is now fixed and we strongly encourage all users to update. There are a few other bugfixes in this release, including really fixing (for real this time!) the problem with the Mac OS X bundles crashing.


Tor Browser Bundle (2.2.35-11)

  • Security release to stop TorBrowser from bypassing SOCKS proxy DNS configuration
  • New Firefox patches:
    • Prevent WebSocket DNS leak (closes: #5741)
    • Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715)
  • Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722)
  • Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc (closes: #5740)

New Tor Browser Bundles for Mac OS X

We recently switched our build machine to Lion (OS X 10.7) which had some unintended effects on the Firefox/TorBrowser build. After consulting with Mozilla developers, Sebastian Hahn was able to nail down the problem and provide a fix. The Mac OS X Tor Browser Bundles have been updated so they should stop crashing for everyone now. Thanks for your patience!


Tor Browser Bundle (2.2.35-10)

  • Make TorBrowser stop crashing on random websites by building with clang instead of llvm-gcc. (closes: #5697)

Tor Browser Bundle, Mac OSX and 10.5.8

We're aware that the Tor Browser version 2.2.35-8 doesn't work on OS X 10.5.8. Ticket 4263 is open to track the issue. We just purchased a Mac Mini as the new build machine. It is in process of being setup and configured for builds. We should have more progress on solving the issue in the next week or so. Thanks for your patience.

New Tor Browser Bundles released (take two)

We have some more new Tor Browser Bundles out. This is an upgrade to Firefox 3.6.12 which fixes a critical bug and OS X users' Torbutton will now show up.

Tor Browser Bundle for Windows 1.3.12

1.3.12: Release 2010-10-28

  • Update Firefox to 3.6.12

Tor Browser Bundle for Mac OS X 1.0.4

1.0.4: Released 2010-10-28

  • Update Firefox to 3.6.12
  • Fix weird Torbutton location so users can tell it's installed

Tor Browser Bundle for GNU/Linux 1.0.15

1.0.15: Released 2010-10-28

  • Update Firefox to 3.6.12

Mac OS X Vidalia Bundle with out

Vidalia 0.2.10 changed the way we deal with the geoip databases by dropping the remote geoip lookups. This caused a lot of headaches for OS X users because of the layout of the package, but it's fixed in this version. You can download the new version here.

Please let us know if you have further problems by reporting a bug.

New Tor Browser Bundles released

We have some new Tor Browser Bundles out. The main notable upgrades for these are Firefox 3.6.11 and Pidgin 2.7.4 in the Windows IM bundle.

Tor Browser Bundle for Windows 1.3.11

1.3.11: Release 2010-10-25

  • Update Firefox to 3.6.11
  • Update Pidgin to 2.7.4

Tor Browser Bundle for Mac OS X 1.0.3

1.0.3: Released 2010-10-25

  • Update Firefox to 3.6.11

Tor Browser Bundle for GNU/Linux 1.0.14

1.0.14: Released 2010-10-24

  • Update Firefox to 3.6.11

Apple workaround for openssl issues on OS X 10.5 and 10.6

Apple responded to my bug report about a broken openssl. I've since built test packages for OS X 10.5 and 10.6 users. Their response is:

Thank you for your report of this issue with Tor.

The issue you're seeing is because the current versions of the development tools were created before the OpenSSL security fix, and so do not include the "SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" definition in the OpenSSL headers.

You can work around this issue by supplying the definition to Tor directly, for example by compiling Tor using


This will work on both Leopard and Snow Leopard.

If you have an Intel (i386) Mac, use the normal i386 packages for Tor release at https://www.torproject.org/download.

If you have a PowerPC (ppc) Mac AND are running OS X 10.5 or 10.6, use these packages: read more »

Vidalia bundle, OSX and Qt bugs

It appears Qt-4.3.3 has a bug that is causing Vidalia to crash when the list of Tor nodes refreshes and is sorted. The current and bundles for OSX are built against Qt-4.3.3.

I've downgraded the build hosts to Qt-4.3.2. The rebuilt OSX vidalia-bundle packages for both and are available as:

These bundles contain Vidalia compiled with Qt-4.3.2. This makes Vidalia happy again.

Syndicate content Syndicate content