tbb

A new hardened Tor Browser release is available. It can be found in the 6.5a3-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible.

In addition to the changes from Tor Browser 6.5a3, the creation of incremental MARs for hardened builds is now fixed.

Note: Due to bug 20185 Tor Browser will not work correctly if the path where it is installed is too long. As a workaround you may need to move it to a directory with a shorter path.

• All Platforms
• Update Firefox to 45.4.0esr
• Update Tor to 0.2.9.2-alpha
• Update OpenSSL to 1.0.2h (bug 20095)
• Update Torbutton to 1.9.6.4
  • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
  • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
  • Bug 19995: Clear site security settings during New Identity
  • Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
  • Bug 19837: Whitelist internal URLs that Firefox requires for media
  • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
  • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
  • Bug 14271: Make Torbutton work with Unix Domain Socket option
  • Translation updates
• Update Tor Launcher to 0.2.11
  • Bug 14272: Make Tor Launcher work with Unix Domain Socket option
  • Bug 19568: Set CurProcD for Thunderbird/Instantbird
  • Bug 19432: Remove special handling for Instantbird/Thunderbird
  • Translation updates
• Update HTTPS-Everywhere to 5.2.4
• Update NoScript to 2.9.0.14
• Bug 19851: Fix ASan error by upgrading GCC to 5.4.0
• Bug 17858: Fix creation of incremental MARs for hardened builds
• Bug 14273: Backport patches for Unix Domain Socket support
• Bug 19890: Disable installation of system addons
• Bug 17334: Spoof referrer when leaving a .onion domain
• Bug 20092: Rotate ports for default obfs4 bridges
• Bug 20040: Add update support for unpacked HTTPS Everywhere
• Bug 20118: Don't unpack HTTPS Everywhere anymore
• Bug 19336+19835: Enhance about:tbupdate page
• Build system
  • All platforms
    • Bug 20133: Don't apply OpenSSL patch anymore
    • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version

Tor Browser 6.5a3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible.

This release bumps the versions of several of our components: Firefox to 45.4.0esr, Tor to 0.2.9.2-alpha and OpenSSL to 1.0.2h, HTTPS-Everywhere to 5.2.4, NoScript to 2.9.0.14. Additionally we are adding Unix Domain Socket support on Linux and OSX, the about:tbupdate page giving information about the update has been improved, the referrer spoofing for .onion domains has been moved from Torbutton to C++ patches.

Note: Due to bug 20185 Tor Browser on Linux and OS X will not work correctly if the path where it is installed is too long. As a workaround you may need to move it to a directory with a shorter path.

Update (9/22 07:15 UTC): We got reports about updates failing on OS X systems. We are still investigating the problem but this is likely due to a combination of issues. For one we might have introduced a permission problem by trying to get our incremental updates working again. Secondly, unix domain socket paths for the control port that contain spaces are not working. See comment 5 in bug 20210 for a preliminary analysis and workarounds. We are sorry for the inconvenience.

Here is the full changelog since 6.5a2:

• All Platforms
  • Update Firefox to 45.4.0esr
  • Update Tor to 0.2.9.2-alpha
  • Update OpenSSL to 1.0.2h (bug 20095)
  • Update Torbutton to 1.9.6.4
    • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
    • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
    • Bug 19995: Clear site security settings during New Identity
    • Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
    • Bug 19837: Whitelist internal URLs that Firefox requires for media
    • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
    • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
    • Bug 14271: Make Torbutton work with Unix Domain Socket option
    • Translation updates
  • Update Tor Launcher to 0.2.10.1
    • Bug 14272: Make Tor Launcher work with Unix Domain Socket option
    • Bug 19568: Set CurProcD for Thunderbird/Instantbird
    • Bug 19432: Remove special handling for Instantbird/Thunderbird
    • Translation updates
  • Update HTTPS-Everywhere to 5.2.4
  • Update NoScript to 2.9.0.14
  • Bug 14273: Backport patches for Unix Domain Socket support
  • Bug 19890: Disable installation of system addons
  • Bug 17334: Spoof referrer when leaving a .onion domain
  • Bug 20092: Rotate ports for default obfs4 bridges
  • Bug 20040: Add update support for unpacked HTTPS Everywhere
  • Bug 20118: Don't unpack HTTPS Everywhere anymore
  • Bug 19336+19835: Enhance about:tbupdate page
• Android
  • Bug 19706: Store browser data in the app home directory
• Build system
  • All platforms
    • Bug 20133: Don't apply OpenSSL patch anymore
    • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
  • OS X
    • Bug 19856: Make OS X builds reproducible again
    • Bug 19410: Fix incremental updates by taking signatures into account

Tor Browser 6.0.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible.

That vulnerability allows an attacker who is able to obtain a valid certificate for addons.mozilla.org to impersonate Mozilla's servers and to deliver a malicious extension update, e.g. for NoScript. This could lead to arbitrary code execution. Moreover, other built-in certificate pinnings are affected as well. Obtaining such a certificate is not an easy task, but it's within reach of powerful adversaries (e.g. nation states).

Thanks to everyone who helped investigating this bug and getting a bugfix release out as fast as possible.

We are currently building the alpha and hardened bundles (6.5a3 and 6.5a3-hardened) that will contain the fix for alpha/hardened channel users. We expect them to get released at the beginning of next week. Until then users are strongly encouraged to use Tor Browser 6.0.5.

Apart from fixing Firefox vulnerabilities this release comes with a new Tor stable version (0.2.8.7), an updated HTTPS-Everywhere (5.2.4), and fixes minor bugs.

Here is the full changelog since Tor Browser 6.0.4:

• All Platforms
  • Update Firefox to 45.4.0esr
  • Update Tor to 0.2.8.7
  • Update Torbutton to 1.9.5.7
    • Bug 19995: Clear site security settings during New Identity
    • Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
  • Update HTTPS-Everywhere to 5.2.4
  • Bug 20092: Rotate ports for default obfs4 bridges
  • Bug 20040: Add update support for unpacked HTTPS Everywhere
• Windows
  • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
• Linux
  • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
• Android
  • Bug 19706: Store browser data in the app home directory
• Build system
  • All platforms
    • Upgrade Go to 1.4.3

Tor Browser 6.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release finally brings Tor Browser users the latest Tor stable, 0.2.8.6, and avoids pinging Mozilla's servers for system extensions.

Pinging Mozilla's servers was responsible for users getting an extension into their Tor Browser that resulted in annoying and confusing "Your Firefox is out of date" notifications on start-up (bug 19890). Thanks to Mozilla engineers, who fixed that issue as quickly as possible on their side, the extension is not shipped to Tor Browser users anymore since August 11 13:00 UTC. This takes care of getting the add-on removed as well in case it got installed into Tor Browser (as does the fix we ship in Tor Browser 6.0.4) which should have happened/is happening during the next extension update ping. For further information see the discussion in our bug tracker.

Users that are on the alpha channel or are using the hardened Tor Browser were not affected. The same goes for Tails users as far as we know.

The full changelog since Tor Browser 6.0.3 is:

Tor Browser 6.0.4 -- August 16

• All Platforms
  • Update Tor to 0.2.8.6
  • Update NoScript to 2.9.0.14
  • Bug 19890: Disable installation of system addons

A new hardened Tor Browser release is available. It can be found in the 6.5a2-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

In addition to the changes from Tor Browser 6.5a2, this releases integrates Selfrando. For more details about Selfrando integration in Tor Browser, see the Q and A with Georg Koppen and the Selfrando git repository.

Here is the full changelog since 6.5a1-hardened:

• All Platforms
  • Update Firefox to 45.3.0esr
  • Update Tor to tor-0.2.8.5-rc
  • Update Torbutton to 1.9.6.1
    • Bug 19689: Use proper parent window for plugin prompt
    • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
    • Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
    • Bug 19273: Improve external app launch handling and associated warnings
    • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
  • Update HTTPS-Everywhere to 5.2.1
  • Update NoScript to 2.9.0.12
  • Bug 17406: Include Selfrando into our hardened builds
  • Bug 19417: Disable asmjs for now
  • Bug 19715: Disable the meek-google pluggable transport option
  • Bug 19714: Remove mercurius4 obfs4 bridge
  • Bug 19585: Fix regression test for keyboard layout fingerprinting
  • Bug 19515: Tor Browser is crashing in graphics code
  • Bug 18513: Favicon requests can bypass New Identity
  • Bug 19273: Write C++ patch for external app launch handling
  • Bug 16998: Isolate preconnect requests to URL bar domain
  • Bug 18923: Add script to run all Tor Browser regression tests
  • Bug 19478: Prevent millisecond resolution leaks in File API
  • Bug 19401: Fix broken PDF download button
  • Bug 19411: Don't show update icon if a partial update failed
  • Bug 19400: Back out GCC bug workaround to avoid asmjs crash
  • Bug 19735: Switch default search engine to DuckDuckGo
  • Bug 19276: Disable Xrender due to possible performance regressions
  • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
• Build System
  • All Platforms
    • Bug 19703: Upgrade Go to 1.6.3

Tor Browser 6.5a2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates firefox to 45.3.0esr and contains the improvements that went into Tor Browser 6.0.3. Additionally, Tor is updated to 0.2.8.5-rc, the default search engine has been switched to DuckDuckGo, resource URLs are blocked to avoid fingerprinting.

Note: Due to bug 19410, on OSX the incremental update will not be working for users who installed the previous version using the .dmg file. The internal updater should still work, though, doing a complete update.

Here is the full changelog since 6.5a1:

• All Platforms
  • Update Firefox to 45.3.0esr
  • Update Tor to tor-0.2.8.5-rc
  • Update Torbutton to 1.9.6.1
    • Bug 19689: Use proper parent window for plugin prompt
    • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
    • Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
    • Bug 19273: Improve external app launch handling and associated warnings
    • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
  • Update HTTPS-Everywhere to 5.2.1
  • Update NoScript to 2.9.0.12
  • Bug 19417: Disable asmjs for now
  • Bug 19715: Disable the meek-google pluggable transport option
  • Bug 19714: Remove mercurius4 obfs4 bridge
  • Bug 19585: Fix regression test for keyboard layout fingerprinting
  • Bug 19515: Tor Browser is crashing in graphics code
  • Bug 18513: Favicon requests can bypass New Identity
  • Bug 19273: Write C++ patch for external app launch handling
  • Bug 16998: Isolate preconnect requests to URL bar domain
  • Bug 18923: Add script to run all Tor Browser regression tests
  • Bug 19478: Prevent millisecond resolution leaks in File API
  • Bug 19401: Fix broken PDF download button
  • Bug 19411: Don't show update icon if a partial update failed
  • Bug 19400: Back out GCC bug workaround to avoid asmjs crash
  • Bug 19735: Switch default search engine to DuckDuckGo
• Windows
  • Bug 19348: Adapt to more than one build target on Windows (fixes updates)
  • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
• Linux
  • Bug 19276: Disable Xrender due to possible performance regressions
  • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
• OS X
  • Bug 19269: Icon doesn't appear in Applications folder or Dock
• Android
  • Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined
• Build System
  • All Platforms
    • Bug 19703: Upgrade Go to 1.6.3

Tor Browser 6.0.3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 45.3.0esr. Additionally, it bumps NoScript to 2.9.0.12, HTTPS-Everywhere to 5.2.1, disables asmjs, removes meek-google and contains a few other bug fixes.

Note: Due to bug 19410, on OSX the incremental update will not be working for users who installed the previous version using the .dmg file. The internal updater should still work, though, doing a complete update.

Update (August 11, 10:04 UTC): Starting from a couple of hours ago Tor Browser users might see a notification box in their browser claiming that Firefox is too old providing a button to get a newer one. This is both due to a server-side code change on Mozilla's side and an oversight by us during the ESR45 transition. Clicking on the "Get Firefox" button is safe and leads the user to our Tor Browser download page. Needless to say, this whole behavior is highly confusing and we apologize for it. We are working on a fix as quickly as possible and hope to get Mozilla to exempt Tor Browser users from this feature while we are working on a new release. For technical details see our bug tracker.

Here is the full changelog since 6.0.2:

• All Platforms
  • Update Firefox to 45.3.0esr
  • Update Torbutton to 1.9.5.6
    • Bug 19417: Disable asmjs for now
    • Bug 19689: Use proper parent window for plugin prompt
  • Update HTTPS-Everywhere to 5.2.1
  • Update NoScript to 2.9.0.12
  • Bug 19715: Disable the meek-google pluggable transport option
  • Bug 19714: Remove mercurius4 obfs4 bridge
  • Bug 19585: Fix regression test for keyboard layout fingerprinting
  • Bug 19515: Tor Browser is crashing in graphics code
  • Bug 18513: Favicon requests can bypass New Identity
• OS X
  • Bug 19269: Icon doesn't appear in Applications folder or Dock
• Android
  • Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined

Tor Browser 6.0.2 is now available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 6.0.2 is a fixup release to address the most pressing issues we found after switching to Firefox 45.2.0esr.

In particular, we resolved a possible crash bug visible e.g. on Faceboook or mega.nz and we fixed the broken PDF download button in the PDF reader.

Note: In version 6.0 we started code signing the OS X bundle for Gatekeeper support. A side effect of this signature is that it makes it harder to compare the bundles we ship with the bundles produced using reproducible builds, therefore we plan to post instructions for removing the OS X code signing parts on our website soon. An other effect is that the incremental update will not be working for users who installed the previous version using the .dmg file, due to bug 19410. The internal updater should still work, though, doing a complete update.

Update (June 23, 12:38 UTC): We have still some users that report crashes on Facebook and mega.nz. We suspect this happens because those users are not using Tor Browser in its default configuration but have left the Private Browsing Mode. There are at least two workarounds for this: 1) Using a clean new Tor Browser 6.0.2 (including a new profile) solves the problem. 2) As files cached by those websites in the Tor Browser profile are causing the crashes, deleting them helps as well. See bug 19400 for more details in this regard.

Here is the full changelog since 6.0.1:

• All Platforms
  • Update Torbutton to 1.9.5.5
    • Bug 19417: Clear asmjscache
  • Bug 19401: Fix broken PDF download button
  • Bug 19411: Don't show update icon if a partial update failed
  • Bug 19400: Back out GCC bug workaround to avoid asmjs crash
• Windows
  • Bug 19348: Adapt to more than one build target on Windows (fixes updates)
• Linux
  • Bug 19276: Disable Xrender due to possible performance regressions

A new hardened Tor Browser release is available. It can be found in the 6.5a1-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

Tor Browser 6.5a1-hardened is the first hardened release in our 6.5 series. It updates Firefox to 45.2.0esr and contains all the improvements that went into Tor Browser 6.0. Compared to that there are additional noteworthy things that went into this alpha release: we bumped the Tor version to 0.2.8.3-alpha and backported additional security features: exploiting the JIT compiler got made harder and support for SHA1 HPKP pins got removed.

On the infrastructure side, we are now using fastly to deliver the update files. We thank them for their support.

Note: There is no incremental update from 6.0a5-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.

Here is the complete changelog since 6.0a5-hardened:

• All Platforms
  • Update Firefox to 45.2.0esr
  • Update Tor to 0.2.8.3-alpha
  • Update Torbutton to 1.9.6
    • Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
    • Bug 18905: Hide unusable items from help menu
    • Bug 17599: Provide shortcuts for New Identity and New Circuit
    • Bug 18980: Remove obsolete toolbar button code
    • Bug 18238: Remove unused Torbutton code and strings
    • Translation updates
    • Code clean-up
  • Update Tor Launcher to 0.2.8.5
    • Bug 18947: Tor Browser is not starting on OS X if put into /Applications
  • Update HTTPS-Everywhere to 5.1.9
  • Update meek to 0.22 (tag 0.22-18371-3)
  • Bug 19121: The update.xml hash should get checked during update
  • Bug 12523: Mark JIT pages as non-writable
  • Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
  • Bug 19164: Remove support for SHA-1 HPKP pins
  • Bug 19186: KeyboardEvents are only rounding to 100ms
  • Bug 18884: Don't build the loop extension
  • Bug 19187: Backport fix for crash related to popup menus
  • Bug 19212: Fix crash related to network panel in developer tools
  • Bug 18703: Fix circuit isolation issues on Page Info dialog
  • Bug 19115: Tor Browser should not fall back to Bing as its search engine
  • Bug 18915+19065: Use our search plugins in localized builds
  • Bug 19176: Zip our language packs deterministically
  • Bug 18811: Fix first-party isolation for blobs URLs in Workers
  • Bug 18950: Disable or audit Reader View
  • Bug 18886: Remove Pocket
  • Bug 18619: Tor Browser reports "InvalidStateError" in browser console
  • Bug 18945: Disable monitoring the connected state of Tor Browser users
  • Bug 18855: Don't show error after add-on directory clean-up
  • Bug 18885: Disable the option of logging TLS/SSL key material
  • Bug 18770: SVGs should not show up on Page Info dialog when disabled
  • Bug 18958: Spoof screen.orientation values
  • Bug 19047: Disable Heartbeat prompts
  • Bug 18914: Use English-only label in <isindex/> tags
  • Bug 18996: Investigate server logging in esr45-based Tor Browser
  • Bug 17790: Add unit tests for keyboard fingerprinting defenses
  • Bug 18995: Regression test to ensure CacheStorage is disabled
  • Bug 18912: Add automated tests for updater cert pinning
  • Bug 16728: Add test cases for favicon isolation
  • Bug 18976: Remove some FTE bridges
• Linux
  • Bug 19189: Backport for working around a linker (gold) bug
• Build System
  • All PLatforms
    • Bug 18333: Upgrade Go to 1.6.2
    • Bug 18919: Remove unused keys and unused dependencies
    • Bug 18291: Remove some uses of libfaketime
    • Bug 18845: Make zip and tar helpers generate reproducible archives

A new alpha Tor Browser release is available for download in the 6.5a1 distribution directory and on the alpha download page.

This release features important security updates to Firefox.

Tor Browser 6.5a1 is the first release in our 6.5 series. It updates Firefox to 45.2.0esr and contains all the improvements that went into Tor Browser 6.0. Compared to that there are additional noteworthy things that went into this alpha release: we bumped the Tor version to 0.2.8.3-alpha and backported additional security features: exploiting the JIT compiler got made harder and support for SHA1 HPKP pins got removed.

On the infrastructure side, we are now using fastly to deliver the update files. We thank them for their support.

Here is the complete changelog since 6.0a5:

• All Platforms
  • Update Firefox to 45.2.0esr
  • Update Tor to 0.2.8.3-alpha
  • Update Torbutton to 1.9.6
    • Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
    • Bug 18905: Hide unusable items from help menu
    • Bug 17599: Provide shortcuts for New Identity and New Circuit
    • Bug 18980: Remove obsolete toolbar button code
    • Bug 18238: Remove unused Torbutton code and strings
    • Translation updates
    • Code clean-up
  • Update Tor Launcher to 0.2.9.3
    • Bug 18947: Tor Browser is not starting on OS X if put into /Applications
  • Update HTTPS-Everywhere to 5.1.9
  • Update meek to 0.22 (tag 0.22-18371-3)
    • Bug 18904: Mac OS: meek-http-helper profile not updated
  • Bug 19121: The update.xml hash should get checked during update
  • Bug 12523: Mark JIT pages as non-writable
  • Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
  • Bug 19164: Remove support for SHA-1 HPKP pins
  • Bug 19186: KeyboardEvents are only rounding to 100ms
  • Bug 18884: Don't build the loop extension
  • Bug 19187: Backport fix for crash related to popup menus
  • Bug 19212: Fix crash related to network panel in developer tools
  • Bug 18703: Fix circuit isolation issues on Page Info dialog
  • Bug 19115: Tor Browser should not fall back to Bing as its search engine
  • Bug 18915+19065: Use our search plugins in localized builds
  • Bug 19176: Zip our language packs deterministically
  • Bug 18811: Fix first-party isolation for blobs URLs in Workers
  • Bug 18950: Disable or audit Reader View
  • Bug 18886: Remove Pocket
  • Bug 18619: Tor Browser reports "InvalidStateError" in browser console
  • Bug 18945: Disable monitoring the connected state of Tor Browser users
  • Bug 18855: Don't show error after add-on directory clean-up
  • Bug 18885: Disable the option of logging TLS/SSL key material
  • Bug 18770: SVGs should not show up on Page Info dialog when disabled
  • Bug 18958: Spoof screen.orientation values
  • Bug 19047: Disable Heartbeat prompts
  • Bug 18914: Use English-only label in <isindex/> tags
  • Bug 18996: Investigate server logging in esr45-based Tor Browser
  • Bug 17790: Add unit tests for keyboard fingerprinting defenses
  • Bug 18995: Regression test to ensure CacheStorage is disabled
  • Bug 18912: Add automated tests for updater cert pinning
  • Bug 16728: Add test cases for favicon isolation
  • Bug 18976: Remove some FTE bridges
• OS X
  • Bug 18951: HTTPS-E is missing after update
  • Bug 18904: meek-http-helper profile not updated
  • Bug 18928: Upgrade is not smooth (requires another restart)
• Linux
  • Bug 19189: Backport for working around a linker (gold) bug
• Build System
  • All PLatforms
    • Bug 18333: Upgrade Go to 1.6.2
    • Bug 18919: Remove unused keys and unused dependencies
    • Bug 18291: Remove some uses of libfaketime
    • Bug 18845: Make zip and tar helpers generate reproducible archives