security fixes | Tor Blog

New stable Tor releases, with security fixes: 0.3.1.9, 0.3.0.13, 0.2.9.14, 0.2.8.17, 0.2.5.16

There are new stable releases today, fixing the following security issues. For more information about the issues, follow the links from from https://trac.torproject.org/projects/tor/wiki/TROVE

New Tor Browser Bundles with Firefox 17.0.9esr

The stable and beta Tor Browser Bundles have been updated with Firefox 17.0.9esr.

73 comments

New bundles (security release)

New Bundles (security release)

78 comments

New Tor Browser Bundles (security release)

The Tor Browser Bundles have been updated with a very important security fix.

49 comments

New Tor Browser Bundles

The Tor Browser Bundles have been updated to Tor 0.2.2.35 which has a fix for a security critical bug.

50 comments

Tor 0.2.2.35 is released (security patches)

Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
buffers code. Absolutely everybody should upgrade.

8 comments

Tor 0.2.3.10-alpha is out (security fix)

Tor 0.2.3.10-alpha fixes a critical heap-overflow security issue in
Tor's buffers code. Absolutely everybody should upgrade.

4 comments

Tor 0.2.2.34 is released (security patches)

Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.

50 comments

Tor 0.2.3.5-alpha is out

Tor 0.2.3.5-alpha fixes two bugs that make it possible to enumerate
bridge relays; fixes an assertion error that many users started hitting

3 comments

New Tor Browser Bundles

The Tor Browser Bundles have been updated again, this time with Firefox 6.0.2, Torbutton 1.4.2, and more privacy-enhancing patches.

76 comments

Upcoming Events

August 11, 2020 - August 18, 2020

Bornhack (DK)

August 12, 2020 - August 14, 2020

Walking Onions @ USENIX Security Symposium '20

See All Upcoming Events

Recent Updates

Tor’s Bug Smash Fund: Year Two!

The Bug Smash Fund is back for its second year!

New Release: Tor Browser 10.0a4

Tor Browser 10.0a4 is now available from the Tor Browser Alpha download page and also from our

New Release: Tor Browser 9.5.3

Tor Browser 9.5.3 is now available from the Tor Browser download page and also from our

New alpha release: Tor 0.4.4.3-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.4.3-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by mid-August.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.4.4.3-alpha fixes several annoyances in previous versions, including one affecting NSS users, and several affecting the Linux seccomp2 sandbox.

Changes in version 0.4.4.3-alpha - 2020-07-27

Major features (fallback directory list):
- Replace the 148 fallback directories originally included in Tor 0.4.1.4-rc (of which around 105 are still functional) with a list of 144 fallbacks generated in July 2020. Closes ticket 40061.
Major bugfixes (NSS):
- When running with NSS enabled, make sure that NSS knows to expect nonblocking sockets. Previously, we set our TCP sockets as nonblocking, but did not tell NSS, which in turn could lead to unexpected blocking behavior. Fixes bug 40035; bugfix on 0.3.5.1-alpha.