tor browser

Discontinuing the hardened Tor Browser series

When we started with the hardened Tor Browser series 18 months ago, we had two main purposes in mind:

  • It should give users an even more secure Tor Browser, especially at higher security levels where JavaScript is partially or completely disabled.
  • It should help us to identify issues earlier, therefore allowing to develop and backport fixes to the Tor Browser alpha and stable series.

The hardened series was a non-stable series on purpose, aimed at experienced users. The reason for that was not only the heavy performance impact of the hardening and debugging features we deployed. Rather, the impact of mixing both in Tor Browser seemed to be not well understood either: for example, does compiling Tor Browser with Address Sanitizer really lead to a more secure browser, given that the sanitizer is mainly intended as a debugging tool? Moreover, just using the hardening options provided by the toolchain seemed to be an incomplete solution to the problem—a bandaid until we could provide a more complete approach to hardening.

Looking again at its purposes above, we think it is safe to say that the hardened series indeed helped us identifying issues early on: with it we found bugs both in Firefox and tor and they got resolved quickly.

The picture is not so clear with respect to the promised security benefits. Part of the problem is that "more secure" can mean a wide variety of things. Another part is that we did not measure if we were indeed adding a security benefit to Tor Browser with all the techniques we deployed. What we learned over the course of the past 18 months, however, is that enabling expensive hardening can aid in making Tor Browser crashes much more reliable.

But that's not the only thing we learned. It seems we underestimated the confusion among users caused by labeling the series as "hardened" while at the same time including features for debugging purposes as well. The resulting experimental character of this series made it hard for users to decide whether that's actually the Tor Browser they wanted to have or not.

Where does that leave us? We've decided to stop having a "hardened" browser series, and instead we'll provide separate tools for the two purposes that it aimed to solve:

Users that are currently on the hardened update channel will get an update to the most recent Tor Browser alpha with a note to use Sandboxed Tor Browser instead for enhanced security. While the Sandboxed Tor Browser is currently in an experimental state itself, we feel that it provides much better safeguards against exploitation than the features we shipped in the hardened series.

Having Sandboxed Tor Browser for hardening the browser experience allows us to do an even better job with finding problems earlier in our Tor Browser patches or code in Tor Browser generally: we can include more debugging aids into special debug builds. We plan to do so and get back to dedicated debug nightly builds when we switch to our reproducible builds manager (rbm), which is happening soon.

Finally, thanks to all users of the hardened Tor Browser series. We hope Sandboxed Tor Browser and the upcoming debug builds will provide an even better match to your needs. If not, please make sure to file a bug in our bug tracker and we'll look into it.

Tor Browser 7.0a3 is released

Update (Apr 24 8:36 UTC): Thanks to all for testing this alpha release so far. It turns out there are a number of issues that are affecting a lot of our alpha users. The following list should give an overview and help to avoid duplicate bug reports:

  • Tor Browser is crashing when opening/downloading files that need an external application to handle them. This is bug 21766.
  • Tor Browser is crashing on about:addons with the security slider set to "high" and does not show any preferences on about:preferences ticked. This issue is tracked in bug 21962.
  • The canvas prompt is not shown anymore in Tor Browser. This issue is tracked in bug 21778.
  • There is no sound on Linux systems without PulseAudio anymore. This is bug 1247056. Check this one out for Mozilla's reasoning behind dropping ALSA support.

Tor Browser 7.0a3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is the first alpha release which is based on Firefox ESR 52. We updated all of our patches that did not get upstreamed yet and made Torbutton and Tor Launcher multiprocess (e10s) compatible. After the first nightly build based on ESR52 went out we already fixed a number of bugs associated with this switch. But more remain, please help!

We hope having e10s and Mozilla's content sandbox enabled will be one of the major new features in the upcoming Tor Browser 7.0 series, both security- and performance-wise. While we are still working on the sandboxing part for Windows, both Linux and macOS have e10s and content sandboxing enabled by default in Tor Browser 7.0a3. There are already a number of bugs related to that on our radar which can be found on our bug tracker and which are tagged with the `tbb-e10s` keyword. If you find more, please report them!

The switch to Firefox ESR 52 raises the system requirements for Tor Browser on Windows and macOS. Computers running Windows and are not SSE2-capable are not supported anymore. On Apple computers with OS X < 10.9 Tor Browser won't run anymore either. Update (Apr 24 8:41 UTC): Only the browser part of Tor Browser is affected by these new constraints. If you are e.g. on Windows and are using the expert bundle or are extracting tor from Tor Browser it should run on any computer it used to run. The same holds for macOS with one exception: tor we ship in Tor Browser won't run on Apple computers with OS X 10.6 anymore either.

We updated our toolchains during the ESR transition as well. In particular we retired the old GCC-based one for our macOS cross-compilation and rely solely on clang/cctools now. As with previous releases building 7.0a3 is fully reproducible on all three supported platforms, even though we needed to deploy a last minute patch for Linux bundles this time.

Apart from switching to the new ESR and dealing with related issues we included a new Tor alpha (0.3.0.5-rc) and updated our NoScript (5.0.2) and HTTPS-Everywhere versions (5.2.14). The Sandboxed Tor Browser for Linux got updated to 0.0.6 making sure it is compatible with Firefox ESR 52.

As in Tor Browser 6.5.2 we provide a fix for Tor Browser crashing on github.com on Windows and for Twitter issues that got reported already a while ago. We update our security slider as well taking newer JIT preferences into account.

A note to Windows users: We signed the .exe files with a new codesigning certificate as the old one is about to expire. If there are issues with that new certificate, e.g. scary warnings showing up after downloading a Tor Browser .exe file and double-clicking on it, please let us know.

The full changelog since Tor Browser 7.0a2 is:

  • All Platforms
    • Update Firefox to 52.1.0esr
    • Tor to 0.3.0.5-rc
    • Update Torbutton to 1.9.7.2
      • Bug 21865: Update our JIT preferences in the security slider
      • Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
      • Bug 21745: Fix handling of catch-all circuit
      • Bug 21547: Fix circuit display under e10s
      • Bug 21268: e10s compatibility for New Identity
      • Bug 21267: Remove window resize implementation for now
      • Bug 21201: Make Torbutton multiprocess compatible
      • Translations update
    • Update Tor Launcher to 0.2.12
      • Bug 21920: Don't show locale selection dialog
      • Bug 21546: Mark Tor Launcher as multiprocess compatible
      • Bug 21264: Add a README file
      • Translations update
    • Update HTTPS-Everywhere to 5.2.14
    • Update NoScript to 5.0.2
    • Update sandboxed-tor-browser to 0.0.6
      • Bug 21764: Use bubblewrap's `--die-with-parent` when supported
      • Fix e10s Web Content crash on systems with grsec kernels
      • Bug 21928: Force a reinstall if an existing hardened bundle is present
      • Bug 21929: Remove hardened/ASAN related code
      • Bug 21927: Remove the ability to install/update the hardened bundle
      • Bug 21244: Update the MAR signing key for 7.0
      • Bug 21536: Remove asn's scramblesuit bridge from Tor Browser
      • Add back old MAR signing key to not break updating Tor Browser stable
      • Add `prlimit64` to the firefox system call whitelist
      • Fix compilation with Go 1.8
      • Use Config.Clone() to clone TLS configs when available
    • Update Go to 1.7.5 (bug 21709)
    • Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter)
    • Bug 21887: Fix broken error pages on higher security levels
    • Bug 21876: Enable e10s by default on all supported platforms
    • Bug 21876: Always use esr policies for e10s
    • Bug 20905: Fix resizing issues after moving to a direct Firefox patch
    • Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
    • Bug 21885: SVG is not disabled in Tor Browser based on ESR52
    • Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
    • Bug 3246: Double-key cookies
    • Bug 8842: Fix XML parsing error
    • Bug 16886: 16886: "Add-on compatibility check dialog" contains Firefox logo
    • Bug 19192: Untrust Blue Coat CA
    • Bug 19955: Avoid confusing warning that favicon load request got cancelled
    • Bug 20005: Backport fixes for memory leaks investigation
    • Bug 20755: ltn.com.tw is broken in Tor Browser
    • Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
    • Bug 20680: Rebase Tor Browser patches to 52 ESR
    • Bug 21917: Add new obfs4 bridges
    • Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
  • Windows
    • Bug 21795: Fix Tor Browser crashing on github.com
    • Bug 12426: Make use of HeapEnableTerminationOnCorruption
    • Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement
    • Bug 21868: Fix build bustage with FIREFOX_52_0_2esr_RELEASE for Windows
  • OS X
    • Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
    • Bug 21724: Make Firefox and Tor Browser distinct macOS apps
    • Bug 21931: Backport OSX SetupMacCommandLine updater fixes
    • Bug 15910: Don't download GMPs via the local fallback
  • Linux
    • Bug 21907: Fix runtime error on CentOS 6
    • Bug 21748: Fix broken Snowflake build and update bridge details
    • Bug 21954: Snowflake breaks the 7.0a3 build
    • Bug 15910: Don't download GMPs via the local fallback
  • Build system
    • Windows
      • Bug 21837: Fix reproducibility of accessibility code for Windows
      • Bug 21240: Create patches to fix mingw-w64 compilation of Firefox ESR 52
      • Bug 21904: Bump mingw-w64 commit to help with sandbox compilation
      • Bug 18831: Use own Yasm for Firefox cross-compilation
    • OS X
      • Bug 21328: Updating to clang 3.8.0
      • Bug 21754: Remove old GCC toolchain and macOS SDK
      • Bug 19783: Remove unused macOS helper scripts
      • Bug 10369: Don't use old GCC toolchain anymore for utils
      • Bug 21753: Replace our old GCC toolchain in PT descriptor
      • Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
    • Linux
      • Bug 21930: NSS libraries are missing from mar-tools archive
      • Bug 21239: Adapt Linux Firefox descriptor to ESR52 (use GTK2)
      • Bug 21960: Linux bundles based on ESR 52 are not reproducible anymore
      • Bug 21629: Fix broken ASan builds when switching to ESR 52

Tor Browser 6.5.2 is released

Tor Browser 6.5.2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This should be the last minor release in the 6.5 series. This release updates Firefox to 45.9.0esr, Noscript to 5.0.2, and HTTPS-Everywhere to 5.2.14.

Moreover, we included a fix for the broken Twitter experience and worked around a Windows related crash bug. To improve our censorship resistance we additionally updated the bridges we ship.

Here is the full changelog since 6.5.1:

  • All Platforms
    • Update Firefox to 45.9.0esr
    • Update HTTPS-Everywhere to 5.2.14
    • Update NoScript to 5.0.2
    • Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter)
    • Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement
    • Bug 21917: Add new obfs4 bridges
    • Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
  • Windows
    • Bug 21795: Fix Tor Browser crashing on github.com

Tor Browser 7.0a2-hardened is released

A new hardened Tor Browser release is available. It can be found in the 7.0a2-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

This hardened alpha release mainly contains updates to several of our Tor Browser components: Firefox got updated to 45.8.0esr, Tor to 0.3.0.4-rc, OpenSSL to 1.0.2k, and HTTPS-Everywhere to 5.2.11.

Additionally, we updated the bridges we ship with Tor Browser and fixed some regressions that came with our last release.

In the previous release we introduced filtering of content requests to resource:// and chrome:// URIs in order to neuter a fingerprinting vector. This change however breaks the Session Manager addon. Users who think having extensions like that one working is much more important than avoiding the possible information leakage associated with that can now toggle the 'extensions.torbutton.resource_and_chrome_uri_fingerprinting' preference, setting it to 'true' to disable our defense against this type of fingerprinting.

Another known regression is the resizing of the window. We are currently working on a fix for this issue.

The full changelog since Tor Browser 7.0a1-hardened is:

  • All Platforms
    • Update Firefox to 45.8.0esr
    • Tor to 0.3.0.4-rc
    • OpenSSL to 1.0.2k
    • Update Torbutton to 1.9.7.1
      • Bug 21396: Allow leaking of resource/chrome URIs (off by default)
      • Bug 21574: Add link for zh manual and create manual links dynamically
      • Bug 21330: Non-usable scrollbar appears in tor browser security settings
      • Bug 21324: Don't update NoScript button with timer update
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.11
    • Bug 21514: Restore W^X JIT implementation removed from ESR45
    • Bug 21536: Remove scramblesuit bridge
    • Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
    • Bug 21326: Update the "Using a system-installed Tor" section in start script
  • Build system
    • Bug 17034: Use our built binutils and GCC for building tor
    • Code clean-up

Tor Browser 7.0a2 is released

Tor Browser 7.0a2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This alpha release mainly contains updates to several of our Tor Browser components: Firefox got updated to 45.8.0esr, Tor to 0.3.0.4-rc, OpenSSL to 1.0.2k, and HTTPS-Everywhere to 5.2.11.

Additionally, we updated the bridges we ship with Tor Browser and fixed some regressions that came with our last release.

In the previous release we introduced filtering of content requests to resource:// and chrome:// URIs in order to neuter a fingerprinting vector. This change however breaks the Session Manager addon. Users who think having extensions like that one working is much more important than avoiding the possible information leakage associated with that can now toggle the 'extensions.torbutton.resource_and_chrome_uri_fingerprinting' preference, setting it to 'true' to disable our defense against this type of fingerprinting.

Another known regression is the resizing of the window. We are currently working on a fix for this issue.

The full changelog since Tor Browser 7.0a1 is:

  • All Platforms
    • Update Firefox to 45.8.0esr
    • Tor to 0.3.0.4-rc
    • OpenSSL to 1.0.2k
    • Update Torbutton to 1.9.7.1
      • Bug 21396: Allow leaking of resource/chrome URIs (off by default)
      • Bug 21574: Add link for zh manual and create manual links dynamically
      • Bug 21330: Non-usable scrollbar appears in tor browser security settings
      • Bug 21324: Don't update NoScript button with timer update
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.11
    • Bug 21514: Restore W^X JIT implementation removed from ESR45
    • Bug 21536: Remove scramblesuit bridge
    • Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
    • Bug 21348: Make snowflake only available on Linux for now
  • Linux
    • Bug 21326: Update the "Using a system-installed Tor" section in start script
  • Build system
    • OS X
      • Bug 21343: Remove unused FTE related parts for macOS
    • Linux
      • Bug 17034: Use our built binutils and GCC for building tor
      • Clean-up

Tor Browser 6.5.1 is released

Tor Browser 6.5.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is the first minor release in the 6.5 series and it mainly contains updates to several of our Tor Browser components: Firefox got updated to 45.8.0esr, Tor to 0.2.9.10, OpenSSL to 1.0.2k, and HTTPS-Everywhere to 5.2.11.

Additionally, we updated the bridges we ship with Tor Browser and fixed some regressions that came with our last release.

In Tor Browser 6.5 we introduced filtering of content requests to resource:// and chrome:// URIs in order to neuter a fingerprinting vector. This change however breaks the Session Manager addon. Users who think having extensions like that one working is much more important than avoiding the possible information leakage associated with that can now toggle the 'extensions.torbutton.resource_and_chrome_uri_fingerprinting' preference, setting it to 'true' to disable our defense against this type of fingerprinting.

An other regression introduced in Tor Browser 6.5 is the resizing of the window. We are currently working on a fix for this issue.

Here is the full changelog since 6.5:

  • All Platforms
    • Update Firefox to 45.8.0esr
    • Tor to 0.2.9.10
    • OpenSSL to 1.0.2k
    • Update Torbutton to 1.9.6.14
      • Bug 21396: Allow leaking of resource/chrome URIs (off by default)
      • Bug 21574: Add link for zh manual and create manual links dynamically
      • Bug 21330: Non-usable scrollbar appears in tor browser security settings
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.11
    • Bug 21514: Restore W^X JIT implementation removed from ESR45
    • Bug 21536: Remove scramblesuit bridge
    • Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
  • Linux
    • Bug 21326: Update the "Using a system-installed Tor" section in start script

Tor Browser 7.0a1-hardened is released

A new hardened Tor Browser release is available. It can be found in the 7.0a1-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

Tor Browser 7.0a1-hardened is the first hardened alpha in the 7.0 series. Apart from the usual Firefox update (to 45.7.0 ESR) it contains the first alpha in the tor 0.3.0 series (0.3.0.1-alpha) and an updated HTTPS-Everywhere (5.2.9) + NoScript (2.9.5.3).

Tor Browser 7.0a1-hardened is the first hardened alpha allowing Linux users to test Snowflake, a new WebRTC-based pluggable transport.

The full changelog since 6.5a6-hardened is:

  • All Platforms
    • Update Firefox to 45.7.0esr
    • Tor to 0.3.0.2-alpha
    • Update Torbutton to 1.9.7
      • Bug 19898: Use DuckDuckGo on about:tor
      • Bug 21091: Hide the update check menu entry when running under the sandbox
      • Bug 21243: Add links to es, fr, and pt Tor Browser manual
      • Bug 21194: Show snowflake in the circuit display
      • Bug 21131: Remove 2016 donation banner
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.9
    • Update NoScript to 2.9.5.3
    • Bug 20471: Allow javascript: links from HTTPS first party pages
    • Bug 20651: DuckDuckGo does not work with JavaScript disabled
    • Bug 20589: Add new MAR signing key
    • Bug 20735: Add snowflake pluggable transport to alpha Linux builds
  • Build system
    • All platforms

Tor Browser 7.0a1 is released

Tor Browser 7.0a1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 7.0a1 is the first alpha in the 7.0 series. Apart from the usual Firefox update (to 45.7.0 ESR) it contains the first alpha in the tor 0.3.0 series (0.3.0.1-alpha) and an updated HTTPS-Everywhere (5.2.9) + NoScript (2.9.5.3).

Tor Browser 7.0a1 is the first alpha allowing Linux users to test Snowflake, a new WebRTC-based pluggable transport. Additionally, we include bug fixes both to our sandboxing solutions for Linux (sandboxed-tor-browser 0.0.3) and macOS. For Windows users we plugged a timezone leak that got introduced by enabling ICU in Firefox when switching to ESR 45.

The full changelog since 6.5a6 is:

  • All Platforms
    • Update Firefox to 45.7.0esr
    • Tor to 0.3.0.2-alpha
    • Update Torbutton to 1.9.7
      • Bug 19898: Use DuckDuckGo on about:tor
      • Bug 21091: Hide the update check menu entry when running under the sandbox
      • Bug 21243: Add links to es, fr, and pt Tor Browser manual
      • Bug 21194: Show snowflake in the circuit display
      • Bug 21131: Remove 2016 donation banner
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.9
    • Update NoScript to 2.9.5.3
    • Bug 20471: Allow javascript: links from HTTPS first party pages
    • Bug 20651: DuckDuckGo does not work with JavaScript disabled
    • Bug 20589: Add new MAR signing key
  • Windows
    • Bug 20981: On Windows, check TZ for timezone first
  • OS X
    • Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2
  • Linux
    • Update sandboxed-tor-browser to 0.0.3
    • Bug 20735: Add snowflake pluggable transport to alpha Linux builds
  • Build system
    • All platforms
    • Linux
      • Bug 21103: Update descriptors for sandboxed-tor-browser 0.0.3

Tor Browser 6.5 is released

Tor Browser 6.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is a major release and the first one in the 6.5 series. First of all it fixes the usual critical bugs in Firefox by updating to ESR 45.7.0. It contains version updates to other bundle components as well: Tor to 0.2.9.9, OpenSSL to 1.0.2j, HTTPS-Everywhere to 5.2.9, and NoScript to 2.9.5.3.

Besides those updates Tor Browser 6.5 ships with a lot of the improvements we have been working on in the past couple of months.

On the security side we always block remote JAR files now and remove the support for SHA-1 HPKP pins. Additionally we backported from an other firefox branch patches to mark JIT pages as non-writable and other crash fixes that could disrupt a Tor Browser session quite reliably.

With respect to user tracking and fingerprinting we now isolate SharedWorker script requests to the first party domain. We improved our timer resolution spoofing and reduced the timing precision for AudioContext, HTMLMediaElement, and Mediastream elements. We stopped user fingerprinting via internal resource:// URLs, and for Windows users we fixed a regression introduced in Tor Browser 6.0 which could leak the local timezone if JavaScript were enabled.

A great deal of our time was spent on improving the usability of Tor Browser. We redesigned the security slider and improved its labels. We moved a lot of Torbutton's privacy settings directly into the respective Firefox menu making it cleaner and more straightforward to use. Finally, we moved as many Torbutton features as possible into Firefox to make it easier for upstreaming them. This allowed us to resolve a couple of window resizing bugs that piled on over the course of the past years.

The features mentioned above are only some of the highlights in Tor Browser 6.5. The full changelog since 6.0.8 is:

  • All Platforms
  • Update Firefox to 45.7.0esr
  • Tor to 0.2.9.9
  • OpenSSL to 1.0.2j
  • Update Torbutton to 1.9.6.12
    • Bug 16622: Timezone spoofing moved to tor-browser.git
    • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
    • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
    • Bug 20701: Allow the directory listing stylesheet in the content policy
    • Bug 19837: Whitelist internal URLs that Firefox requires for media
    • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
    • Bug 19273: Improve external app launch handling and associated warnings
    • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
    • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
    • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
    • Bug 20556: Use pt-BR strings from now on
    • Bug 20614: Add links to Tor Browser User Manual
    • Bug 20414: Fix non-rendering arrow on OS X
    • Bug 20728: Fix bad preferences.xul dimensions
    • Bug 19898: Use DuckDuckGo on about:tor
    • Bug 21091: Hide the update check menu entry when running under the sandbox
    • Bug 19459: Move resizing code to tor-browser.git
    • Bug 20264: Change security slider to 3 options
    • Bug 20347: Enhance security slider's custom mode
    • Bug 20123: Disable remote jar on all security levels
    • Bug 20244: Move privacy checkboxes to about:preferences#privacy
    • Bug 17546: Add tooltips to explain our privacy checkboxes
    • Bug 17904: Allow security settings dialog to resize
    • Bug 18093: Remove 'Restore Defaults' button
    • Bug 20373: Prevent redundant dialogs opening
    • Bug 20318: Remove helpdesk link from about:tor
    • Bug 21243: Add links for pt, es, and fr Tor Browser manuals
    • Bug 20753: Remove obsolete StartPage locale strings
    • Bug 21131: Remove 2016 donation banner
    • Bug 18980: Remove obsolete toolbar button code
    • Bug 18238: Remove unused Torbutton code and strings
    • Bug 20388+20399+20394: Code clean-up
    • Translation updates
  • Update Tor Launcher to 0.2.10.3
    • Bug 19568: Set CurProcD for Thunderbird/Instantbird
    • Bug 19432: Remove special handling for Instantbird/Thunderbird
    • Translation updates
  • Update HTTPS-Everywhere to 5.2.9
  • Update NoScript to 2.9.5.3
  • Bug 16622: Spoof timezone with Firefox patch
  • Bug 17334: Spoof referrer when leaving a .onion domain
  • Bug 19273: Write C++ patch for external app launch handling
  • Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
  • Bug 12523: Mark JIT pages as non-writable
  • Bug 20123: Always block remote jar files
  • Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
  • Bug 19164: Remove support for SHA-1 HPKP pins
  • Bug 19186: KeyboardEvents are only rounding to 100ms
  • Bug 16998: Isolate preconnect requests to URL bar domain
  • Bug 19478: Prevent millisecond resolution leaks in File API
  • Bug 20471: Allow javascript: links from HTTPS first party pages
  • Bug 20244: Move privacy checkboxes to about:preferences#privacy
  • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
  • Bug 20709: Fix wrong update URL in alpha bundles
  • Bug 19481: Point the update URL to aus1.torproject.org
  • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
  • Bug 20442: Backport fix for local path disclosure after drag and drop
  • Bug 20160: Backport fix for broken MP3-playback
  • Bug 20043: Isolate SharedWorker script requests to first party
  • Bug 18923: Add script to run all Tor Browser regression tests
  • Bug 20651: DuckDuckGo does not work with JavaScript disabled
  • Bug 19336+19835: Enhance about:tbupdate page
  • Bug 20399+15852: Code clean-up
  • Windows
    • Bug 20981: On Windows, check TZ for timezone first
    • Bug 18175: Maximizing window and restarting leads to non-rounded window size
    • Bug 13437: Rounded inner window accidentally grows to non-rounded size
  • OS X
    • Bug 20590: Badly resized window due to security slider notification bar on OS X
    • Bug 20439: Make the build PIE on OSX
  • Linux
    • Bug 20691: Updater breaks if unix domain sockets are used
    • Bug 15953: Weird resizing dance on Tor Browser startup
  • Build system
    • All platforms
      • Bug 20927: Upgrade Go to 1.7.4
      • Bug 20583: Make the downloads.json file reproducible
      • Bug 20133: Don't apply OpenSSL patch anymore
      • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
      • Bug 18291: Remove some uses of libfaketime
      • Bug 18845: Make zip and tar helpers generate reproducible archives
    • OS X
      • Bug 20258: Make OS X Tor archive reproducible again
      • Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
      • Bug 19856: Make OS X builds reproducible (getting libfaketime back)
      • Bug 19410: Fix incremental updates by taking signatures into account
      • Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one

Tor Browser 6.5a6-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a6-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.7-rc and HTTPS-Everywhere to 5.2.8.

With this release the broken preferences pane in non-en-US locales is fixed and we moved to pt-BR for Portuguese as it turns out that all our translations for Portuguese are containing Brazilian language strings. We added links to the Tor Browser Manual, an effort led by the community team to make help easier available for our users in case of problems.

Here is the full changelog since 6.5a5-hardened:

  • All Platforms
    • Update Firefox to 45.6.0esr
    • Update Tor to tor-0.2.9.7-rc
    • Update Torbutton to 1.9.6.9
      • Bug 16622: Timezone spoofing moved to tor-browser.git
      • Bug 20701: Allow the directory listing stylesheet in the content policy
      • Bug 20556: Use pt-BR strings from now on
      • Bug 20614: Add links to Tor Browser User Manual
      • Bug 20414: Fix non-rendering arrow on OS X
      • Bug 20728: Fix bad preferences.xul dimensions
      • Bug 20318: Remove helpdesk link from about:tor
      • Bug 20753: Remove obsolete StartPage locale strings
      • Bug 20947: Donation banner improvements
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.8
    • Bug 16622: Spoof timezone with Firefox patch
    • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
    • Bug 20709: Fix wrong update URL in alpha bundles
    • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
    • Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
    • Bug 20837: Activate iat-mode for certain obfs4 bridges
    • Bug 20838: Uncomment NX01 default obfs4 bridge
    • Bug 20840: Rotate ports a third time for default obfs4 bridges
Syndicate content Syndicate content