tbb

The 3.5.2.1 release of the Tor Browser Bundle is now available on the Download page. You can also download the bundles directly from the distribution directory.

This release fixes the localization of the non-english bundles.

Please see the TBB FAQ listing for any issues you may have before contacting support or filing tickets. In particular, the TBB 3.x section lists common issues specific to the Tor Browser 3.x series.

Here is the list of changes since 3.5.2. The 3.x ChangeLog is also available.

• All Platforms
  • Bug 10895: Fix broken localized bundles
• Windows:
  • Bug 10323: Remove unneeded gcc/libstdc++ libraries from dist

The 3.5.2 release of the Tor Browser Bundle is now available on the Download page. You can also download the bundles directly from the distribution directory.

This release includes important security updates to Firefox.

Please see the TBB FAQ listing for any issues you may have before contacting support or filing tickets. In particular, the TBB 3.x section lists common issues specific to the Tor Browser 3.x series.

Here is the list of changes since 3.5.1. The 3.x ChangeLog is also available.

• Rebase Tor Browser to Firefox 24.3.0ESR
• Bug 10419: Block content window connections to localhost
• Update Torbutton to 1.6.6.0
  • Bug 10800: Prevent findbox exception and popup in New Identity
  • Bug 10640: Fix about:tor's update pointer position for RTL languages.
  • Bug 10095: Fix some cases where resolution is not a multiple of 200x100
  • Bug 10374: Clear site permissions on New Identity
  • Bug 9738: Fix for auto-maximizing on browser start
  • Bug 10682: Workaround to really disable updates for Torbutton
  • Bug 10419: Don't allow connections to localhost if Torbutton is toggled
  • Bug 10140: Move Japanese to extra locales (not part of TBB dist)
  • Bug 10687: Add Basque (eu) to extra locales (not part of TBB dist)
• Update Tor Launcher to 0.2.4.4
  • Bug 10682: Workaround to really disable updates for Tor Launcher
• Update NoScript to 2.6.8.13

Update 12/20: Test builds of Pluggable Transport bundles are now available. See inline and see the FAQ link for more details.

The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series.

Packages are now available from the Tor download page as well as the Tor Package archive.

For now, the Pluggable Transports-capable TBB is still a separate package, maintained by David Fifield. Download them here: https://people.torproject.org/~dcf/pt-bundle/3.5-pt20131217/. We hope to have combined packages available in a beta soon.

For people already using TBB 3.5rc1, the changes are not substantial, and are included below.

However, for users of TBB 2.x and 3.0, this release includes important security updates to Firefox. All users are strongly encouraged to update immediately, as we will not be making further releases in the 2.x or 3.0 series.

In terms of user-facing changes from TBB 2.x, the 3.x series primarily features the replacement of Vidalia with a Firefox-based Tor controller called Tor Launcher. This has resulted in a vast decrease in startup times, and a vast increase in usability. We have also begun work on an FAQ page to handle common questions arising from this transition -- where Vidalia went, how to disable JavaScript, how to check signatures, etc.

The complete changelog for the 3.x series describes the changes since 2.x.

The set of changes since the 3.5rc1 release is:

• All Platforms
  • Update Tor to 0.2.4.19
  • Update Tor Launcher to 0.2.4.2
    • Bug 10382: Fix a Tor Launcher hang on TBB exit
  • Update Torbutton to 1.6.5.2
    • Misc: Switch update download URL back to download-easy

The first release candidate in the 3.5 series of the Tor Browser Bundle is now available from the Tor Package Archive:
https://archive.torproject.org/tor-package-archive/torbrowser/3.5rc1/.

This release includes important security updates to Firefox.

Moreover, the Firefox 17esr release series has been deprecated by Mozilla. This means the imminent end of life for our 2.x and 3.0 bundle series. All 3.0 users are strongly encourage to update immediately, as we will not be making further releases in that series. If this release candidate survives the next few days without issue, this release candidate will be declared stable, and we will officially deprecate the current stable 2.x Tor Browser Bundles and declare their versions out of date as well.

Here is the complete changelog:

• All Platforms
  • Update Firefox to 24.2.0esr
  • Update NoScript to 2.6.8.7
  • Update HTTPS-Everywhere to 3.4.4tbb (special TBB tag)
    • Tag includes a patch to handle enabling/disabling Mixed Content Blocking
  • Bug 5060: Disable health report service
  • Bug 10367: Disable prompting about health report and Mozilla Sync
  • Misc Prefs: Disable HTTPS-Everywhere first-run tooltips
  • Misc Prefs: Disable layer acceleration to avoid crashes on Windows
  • Misc Prefs: Disable Mixed Content Blocker pending backport of Mozilla Bug 878890
  • Update Tor Launcher to 0.2.4.1
    • Bug 10147: Adblock Plus interferes w/Tor Launcher dialog
    • Bug 10201: FF ESR 24 hangs during exit on Mac OS
    • Bug 9984: Support running Tor Launcher from InstantBird
    • Misc: Support browser directory location API changes in Firefox 24
  • Update Torbutton to 1.6.5.1
    • Bug 10352: Clear FF24 Private Browsing Mode data during New Identity
    • Bug 8167: Update cache isolation for FF24 API changes
    • Bug 10201: FF ESR 24 hangs during exit on Mac OS
    • Bug 10078: Properly clear crypto tokens during New Identity on FF24
    • Bug 9454: Support changes to Private Browsing Mode and plugin APIs in FF24
• Linux
  • Bug 10213; Use LD_LIBRARY_PATH (fixes launch issues on old Linux distros)

The Tor Project has two browser-related job openings available!

We are looking for a C++ browser developer to work on our Firefox-based browser, and a Firefox extension developer to work on our growing number of Firefox extensions. Our ideal candidates would be comfortable in both roles, but we are also interested in hearing from people with either skillset.

On the C++ side, your tasks would include implementing new Firefox APIs and browser behavior changes; looking for and resolving web privacy issues; fixing bugs; responding on short notice to security issues; and helping to merge patches upstream.

On the extension development side, your primary tasks will include writing patches and UI improvements for Tor Birdy, Torbutton, HTTPS-Everywhere, Tor Launcher, and an OTR plugin for InstantBird. These improvements will primarily revolve around improving usability, Tor configuration, and security for our users.

Instructions on how to apply to the C++ position can be found on the browser hacker job posting. If you would prefer to focus on extension development, you should apply to the extension developer position.

The first release candidate in the 3.0 series of the Tor Browser Bundle is now available from the Tor Package Archive:
https://archive.torproject.org/tor-package-archive/torbrowser/3.0rc1/.

This release includes important security updates to Firefox.

Unfortunately, we have decided to remove the PDF.JS addon from this bundle, as the version available for Firefox 17 has stopped receiving updates. Built-in PDF support should return when we transition to Firefox 24 in the coming weeks.

This release should also fix a build reproducibility issue on Windows. All platform binaries should once again be identically reproducible from source by anyone using git tag tbb-3.0rc1-release.

• All Platforms:
  • Update Firefox to 17.0.11esr
  • Update Tor to 0.2.4.18-rc
  • Remove unsupported PDF.JS addon from the bundle
  • Bug #7277: TBB's Tor client will now omit its timestamp in the TLS handshake.
  • Update Torbutton to 1.6.4.1
    • Bug #10002: Make the TBB3.0 blog tag our update download URL for now
• Windows
  • Bug #10102: Patch binutils to remove nondeterministic bytes in compiled binaries
• Linux
  • Bug #10049: Fix architecture check to work from outside TBB's directory
  • Bug #10126: Remove libz and firefox-bin, and strip unstripped binaries
  • Misc: Disable Firefox updater during compile time (in addition to pref)

It turns out that the 64-bit bundles were a bit crashy because of a change in the way they were built. This change has been reverted and I've updated the stable and RC versions of the 2.x series of GNU/Linux Tor Browser Bundles.

Direct links:
Stable 64-bit GNU/Linux Tor Browser Bundle (sig)
RC 64-bit GNU/Linux Tor Browser Bundle (sig)

Tor Browser Bundle (2.3.25-16); suite=linux

• Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
  stop crashing (closes: #10195)

Tor Browser Bundle (2.4.18-rc-2); suite=linux

• Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
  stop crashing (closes: #10195)

Firefox 17.0.11esr has been released with several security fixes and the stable and RC Tor Browser Bundles have been updated

There is also a new Tor 0.2.4.18-rc release and the RC bundles have been updated to include that as well.

https://www.torproject.org/projects/torbrowser.html.en#downloads

Tor Browser Bundle (2.3.25-15)

• Update Firefox to 17.0.11esr
• Update NoScript to 2.6.8.5
• Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
  (closes: #10092)

Tor Browser Bundle (2.4.18-rc-1)

• Update Tor to 0.2.4.18-rc
• Update Firefox to 17.0.11esr
• Update NoScript to 2.6.8.5
• Remove PDF.js since it is no longer supported in Firefox 17
• Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
  (closes: #10092)

The first beta release in the 3.0 series of the Tor Browser Bundle is now available from the Tor Package Archive:
https://archive.torproject.org/tor-package-archive/torbrowser/3.0b1/

This release includes important security updates to Firefox, as well as a fix for a startup crash bug on Windows XP.

This release also reorganizes the bundle directory structure to simplify implementation of the FIrefox updater in future releases. This means that extracting the bundle over previous installation will likely not preserve your preferences or bookmarks, and may cause other issues.

This release has also introduced a build reproducibility issue on Windows, hence it is signed only by two keys. We should have this issue fixed by the next beta.

Here is the complete ChangeLog:

• All Platforms:
  • Update Firefox to 17.0.10esr
  • Update NoScript to 2.6.8.2
  • Update HTTPS-Everywhere to 3.4.2
  • Bug #9114: Reorganize the bundle directory structure to ease future autoupdates
  • Bug #9173: Patch Tor Browser to auto-detect profile directory if launched without the wrapper script.
  • Bug #9012: Hide Tor Browser infobar for missing plugins.
  • Bug #8364: Change the default entry page for the addons tab to the installed addons page.
  • Bug #9867: Make flash objects really be click-to-play if flash is enabled.
  • Bug #8292: Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API
  • Bug #3661: Remove polipo and privoxy from the banned ports list.
  • misc: Fix a potential memory leak in the Image Cache isolation
  • misc: Fix a potential crash if OS theme information is ever absent
  • Update Tor-Launcher to 0.2.3.1-beta
    • Bug #9114: Handle new directory structure
    • misc: Tor Launcher now supports Thunderbird
  • Update Torbutton to 1.6.4
    • Bug #9224: Support multiple Tor socks ports for about:tor status check
    • Bug #9587: Add TBB version number to about:tor
    • Bug #9144: Workaround to handle missing translation properties
• Windows:
  • Bug #9084: Fix startup crash on Windows XP.
• Linux:
  • Bug #9487: Create detached debuginfo files for Linux Tor and Tor Browser binaries.

Firefox 17.0.10esr has been released with several security fixes and all of the Tor Browser Bundles have been updated. All users are encouraged to upgrade.

https://www.torproject.org/projects/torbrowser.html.en#downloads

Tor Browser Bundle (2.3.25-14)

• Update Firefox to 17.0.10esr
  https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
• Update LibPNG to 1.6.6
• Update NoScript to 2.6.8.4
• Update HTTPS-Everywhere to 3.4.2
• Firefox patch changes:
• Hide infobar for missing plugins. (closes: #9012)
• Change the default entry page for the addons tab to the installed addons page. (closes: #8364)
• Make flash objects really be click-to-play if flash is enabled. (closes: #9867)
• Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API. (closes: #3661)
• Remove polipo and privoxy from the banned ports list. (closes: #3661)
• misc: Fix a potential memory leak in the Image Cache isolation
• misc: Fix a potential crash if OS theme information is ever absent

Tor Browser Bundle (2.4.17-rc-1)

• Update Firefox to 17.0.10esr
  https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
• Update LibPNG to 1.6.6
• Update NoScript to 2.6.8.4
• Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this becoming the stable bundle
• Firefox patch changes:
• Hide infobar for missing plugins. (closes: #9012)
• Change the default entry page for the addons tab to the installed addons page. (closes: #8364)
• Make flash objects really be click-to-play if flash is enabled. (closes: #9867)
• Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API. (closes: #3661)
• Remove polipo and privoxy from the banned ports list. (closes: #3661)
• misc: Fix a potential memory leak in the Image Cache isolation
• misc: Fix a potential crash if OS theme information is ever absent