tor browser

Tor Browser 7.0a1-hardened is released

A new hardened Tor Browser release is available. It can be found in the 7.0a1-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

Tor Browser 7.0a1-hardened is the first hardened alpha in the 7.0 series. Apart from the usual Firefox update (to 45.7.0 ESR) it contains the first alpha in the tor 0.3.0 series (0.3.0.1-alpha) and an updated HTTPS-Everywhere (5.2.9) + NoScript (2.9.5.3).

Tor Browser 7.0a1-hardened is the first hardened alpha allowing Linux users to test Snowflake, a new WebRTC-based pluggable transport.

The full changelog since 6.5a6-hardened is:

  • All Platforms
    • Update Firefox to 45.7.0esr
    • Tor to 0.3.0.2-alpha
    • Update Torbutton to 1.9.7
      • Bug 19898: Use DuckDuckGo on about:tor
      • Bug 21091: Hide the update check menu entry when running under the sandbox
      • Bug 21243: Add links to es, fr, and pt Tor Browser manual
      • Bug 21194: Show snowflake in the circuit display
      • Bug 21131: Remove 2016 donation banner
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.9
    • Update NoScript to 2.9.5.3
    • Bug 20471: Allow javascript: links from HTTPS first party pages
    • Bug 20651: DuckDuckGo does not work with JavaScript disabled
    • Bug 20589: Add new MAR signing key
    • Bug 20735: Add snowflake pluggable transport to alpha Linux builds
  • Build system
    • All platforms

Tor Browser 7.0a1 is released

Tor Browser 7.0a1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 7.0a1 is the first alpha in the 7.0 series. Apart from the usual Firefox update (to 45.7.0 ESR) it contains the first alpha in the tor 0.3.0 series (0.3.0.1-alpha) and an updated HTTPS-Everywhere (5.2.9) + NoScript (2.9.5.3).

Tor Browser 7.0a1 is the first alpha allowing Linux users to test Snowflake, a new WebRTC-based pluggable transport. Additionally, we include bug fixes both to our sandboxing solutions for Linux (sandboxed-tor-browser 0.0.3) and macOS. For Windows users we plugged a timezone leak that got introduced by enabling ICU in Firefox when switching to ESR 45.

The full changelog since 6.5a6 is:

  • All Platforms
    • Update Firefox to 45.7.0esr
    • Tor to 0.3.0.2-alpha
    • Update Torbutton to 1.9.7
      • Bug 19898: Use DuckDuckGo on about:tor
      • Bug 21091: Hide the update check menu entry when running under the sandbox
      • Bug 21243: Add links to es, fr, and pt Tor Browser manual
      • Bug 21194: Show snowflake in the circuit display
      • Bug 21131: Remove 2016 donation banner
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.9
    • Update NoScript to 2.9.5.3
    • Bug 20471: Allow javascript: links from HTTPS first party pages
    • Bug 20651: DuckDuckGo does not work with JavaScript disabled
    • Bug 20589: Add new MAR signing key
  • Windows
    • Bug 20981: On Windows, check TZ for timezone first
  • OS X
    • Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2
  • Linux
    • Update sandboxed-tor-browser to 0.0.3
    • Bug 20735: Add snowflake pluggable transport to alpha Linux builds
  • Build system
    • All platforms
    • Linux
      • Bug 21103: Update descriptors for sandboxed-tor-browser 0.0.3

Tor Browser 6.5 is released

Tor Browser 6.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is a major release and the first one in the 6.5 series. First of all it fixes the usual critical bugs in Firefox by updating to ESR 45.7.0. It contains version updates to other bundle components as well: Tor to 0.2.9.9, OpenSSL to 1.0.2j, HTTPS-Everywhere to 5.2.9, and NoScript to 2.9.5.3.

Besides those updates Tor Browser 6.5 ships with a lot of the improvements we have been working on in the past couple of months.

On the security side we always block remote JAR files now and remove the support for SHA-1 HPKP pins. Additionally we backported from an other firefox branch patches to mark JIT pages as non-writable and other crash fixes that could disrupt a Tor Browser session quite reliably.

With respect to user tracking and fingerprinting we now isolate SharedWorker script requests to the first party domain. We improved our timer resolution spoofing and reduced the timing precision for AudioContext, HTMLMediaElement, and Mediastream elements. We stopped user fingerprinting via internal resource:// URLs, and for Windows users we fixed a regression introduced in Tor Browser 6.0 which could leak the local timezone if JavaScript were enabled.

A great deal of our time was spent on improving the usability of Tor Browser. We redesigned the security slider and improved its labels. We moved a lot of Torbutton's privacy settings directly into the respective Firefox menu making it cleaner and more straightforward to use. Finally, we moved as many Torbutton features as possible into Firefox to make it easier for upstreaming them. This allowed us to resolve a couple of window resizing bugs that piled on over the course of the past years.

The features mentioned above are only some of the highlights in Tor Browser 6.5. The full changelog since 6.0.8 is:

  • All Platforms
  • Update Firefox to 45.7.0esr
  • Tor to 0.2.9.9
  • OpenSSL to 1.0.2j
  • Update Torbutton to 1.9.6.12
    • Bug 16622: Timezone spoofing moved to tor-browser.git
    • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
    • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
    • Bug 20701: Allow the directory listing stylesheet in the content policy
    • Bug 19837: Whitelist internal URLs that Firefox requires for media
    • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
    • Bug 19273: Improve external app launch handling and associated warnings
    • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
    • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
    • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
    • Bug 20556: Use pt-BR strings from now on
    • Bug 20614: Add links to Tor Browser User Manual
    • Bug 20414: Fix non-rendering arrow on OS X
    • Bug 20728: Fix bad preferences.xul dimensions
    • Bug 19898: Use DuckDuckGo on about:tor
    • Bug 21091: Hide the update check menu entry when running under the sandbox
    • Bug 19459: Move resizing code to tor-browser.git
    • Bug 20264: Change security slider to 3 options
    • Bug 20347: Enhance security slider's custom mode
    • Bug 20123: Disable remote jar on all security levels
    • Bug 20244: Move privacy checkboxes to about:preferences#privacy
    • Bug 17546: Add tooltips to explain our privacy checkboxes
    • Bug 17904: Allow security settings dialog to resize
    • Bug 18093: Remove 'Restore Defaults' button
    • Bug 20373: Prevent redundant dialogs opening
    • Bug 20318: Remove helpdesk link from about:tor
    • Bug 21243: Add links for pt, es, and fr Tor Browser manuals
    • Bug 20753: Remove obsolete StartPage locale strings
    • Bug 21131: Remove 2016 donation banner
    • Bug 18980: Remove obsolete toolbar button code
    • Bug 18238: Remove unused Torbutton code and strings
    • Bug 20388+20399+20394: Code clean-up
    • Translation updates
  • Update Tor Launcher to 0.2.10.3
    • Bug 19568: Set CurProcD for Thunderbird/Instantbird
    • Bug 19432: Remove special handling for Instantbird/Thunderbird
    • Translation updates
  • Update HTTPS-Everywhere to 5.2.9
  • Update NoScript to 2.9.5.3
  • Bug 16622: Spoof timezone with Firefox patch
  • Bug 17334: Spoof referrer when leaving a .onion domain
  • Bug 19273: Write C++ patch for external app launch handling
  • Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
  • Bug 12523: Mark JIT pages as non-writable
  • Bug 20123: Always block remote jar files
  • Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
  • Bug 19164: Remove support for SHA-1 HPKP pins
  • Bug 19186: KeyboardEvents are only rounding to 100ms
  • Bug 16998: Isolate preconnect requests to URL bar domain
  • Bug 19478: Prevent millisecond resolution leaks in File API
  • Bug 20471: Allow javascript: links from HTTPS first party pages
  • Bug 20244: Move privacy checkboxes to about:preferences#privacy
  • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
  • Bug 20709: Fix wrong update URL in alpha bundles
  • Bug 19481: Point the update URL to aus1.torproject.org
  • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
  • Bug 20442: Backport fix for local path disclosure after drag and drop
  • Bug 20160: Backport fix for broken MP3-playback
  • Bug 20043: Isolate SharedWorker script requests to first party
  • Bug 18923: Add script to run all Tor Browser regression tests
  • Bug 20651: DuckDuckGo does not work with JavaScript disabled
  • Bug 19336+19835: Enhance about:tbupdate page
  • Bug 20399+15852: Code clean-up
  • Windows
    • Bug 20981: On Windows, check TZ for timezone first
    • Bug 18175: Maximizing window and restarting leads to non-rounded window size
    • Bug 13437: Rounded inner window accidentally grows to non-rounded size
  • OS X
    • Bug 20590: Badly resized window due to security slider notification bar on OS X
    • Bug 20439: Make the build PIE on OSX
  • Linux
    • Bug 20691: Updater breaks if unix domain sockets are used
    • Bug 15953: Weird resizing dance on Tor Browser startup
  • Build system
    • All platforms
      • Bug 20927: Upgrade Go to 1.7.4
      • Bug 20583: Make the downloads.json file reproducible
      • Bug 20133: Don't apply OpenSSL patch anymore
      • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
      • Bug 18291: Remove some uses of libfaketime
      • Bug 18845: Make zip and tar helpers generate reproducible archives
    • OS X
      • Bug 20258: Make OS X Tor archive reproducible again
      • Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
      • Bug 19856: Make OS X builds reproducible (getting libfaketime back)
      • Bug 19410: Fix incremental updates by taking signatures into account
      • Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one

Tor Browser 6.5a6-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a6-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.7-rc and HTTPS-Everywhere to 5.2.8.

With this release the broken preferences pane in non-en-US locales is fixed and we moved to pt-BR for Portuguese as it turns out that all our translations for Portuguese are containing Brazilian language strings. We added links to the Tor Browser Manual, an effort led by the community team to make help easier available for our users in case of problems.

Here is the full changelog since 6.5a5-hardened:

  • All Platforms
    • Update Firefox to 45.6.0esr
    • Update Tor to tor-0.2.9.7-rc
    • Update Torbutton to 1.9.6.9
      • Bug 16622: Timezone spoofing moved to tor-browser.git
      • Bug 20701: Allow the directory listing stylesheet in the content policy
      • Bug 20556: Use pt-BR strings from now on
      • Bug 20614: Add links to Tor Browser User Manual
      • Bug 20414: Fix non-rendering arrow on OS X
      • Bug 20728: Fix bad preferences.xul dimensions
      • Bug 20318: Remove helpdesk link from about:tor
      • Bug 20753: Remove obsolete StartPage locale strings
      • Bug 20947: Donation banner improvements
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.8
    • Bug 16622: Spoof timezone with Firefox patch
    • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
    • Bug 20709: Fix wrong update URL in alpha bundles
    • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
    • Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
    • Bug 20837: Activate iat-mode for certain obfs4 bridges
    • Bug 20838: Uncomment NX01 default obfs4 bridge
    • Bug 20840: Rotate ports a third time for default obfs4 bridges

Tor Browser 6.5a6 is released

Tor Browser 6.5a6 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.6-rc and HTTPS-Everywhere to 5.2.8.

With this release we made progress in both the usability and security area. In the former we fixed the broken preferences pane in non-en-US bundles and moved to pt-BR bundles for Portuguese as it turns out that all our translations for Portuguese are containing Brazilian language strings. We added links to the Tor Browser Manual, an effort led by the community team to make help easier available for our users in case of problems.

On the security side we are proud to announce the first fruits of our sandboxing efforts.

On Linux the Tor Browser sandbox is centered around Linux namespaces along with seccomp-bpf, and attempts to reduce the attack surface available to adversaries to prevent exploits from succeeding, and to limit the capabilities of an attacker in the event that they do manage to compromise either the tor client instance or the browser itself. This is done by creating lightweight namespace based containers in which the Tor Browser components are run, with various restrictions imposed by the operating system. For example, the container that the browser runs in does not have an IP address to leak, or a connection to the external network except via Tor.

It is made available to end users as a separate downloadable binary, sandboxed-tor-browser, that manages installing and updating Tor Browser, configuring Tor and the sandbox, and running the actual sandboxed Tor Browser. Having bubblewrap installed is required for this to work. Additional documentation about the implementation, known issues, and frequently asked questions is available at our wiki.

We have also made some progress with sandboxing on macOS. Building on the work done in the past by IronFox and similar projects, we have created sandbox profiles for the Tor daemon and for Tor Browser itself. These profiles, along with some command line scripts that use Apple's sandbox-exec command to start Tor and Tor Browser, are included in our Tor Browser 6.5a6 OSX packages. At this time we are asking advanced users to use the OSX sandbox profiles on an experimental basis and give us feedback on any problems that they encounter. In the future, we hope to create software for macOS that is similar to the Linux Tor Browser sandbox.

Besides work on sandboxing this release features our first step in exploring options to harden the memory allocator. We have enabled jemalloc4 on Linux bundles and abort on redzone corruption. We are here especially interested in performance and stability related feedback.

Here is the full changelog since 6.5a5:

  • All Platforms
    • Update Firefox to 45.6.0esr
    • Update Tor to tor-0.2.9.6-rc
    • Update Torbutton to 1.9.6.8
      • Bug 16622: Timezone spoofing moved to tor-browser.git
      • Bug 20701: Allow the directory listing stylesheet in the content policy
      • Bug 20556: Use pt-BR strings from now on
      • Bug 20614: Add links to Tor Browser User Manual
      • Bug 20414: Fix non-rendering arrow on OS X
      • Bug 20728: Fix bad preferences.xul dimensions
      • Bug 20318: Remove helpdesk link from about:tor
      • Bug 20753: Remove obsolete StartPage locale strings
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.8
    • Bug 16622: Spoof timezone with Firefox patch
    • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
    • Bug 20709: Fix wrong update URL in alpha bundles
    • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
    • Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
    • Bug 20837: Activate iat-mode for certain obfs4 bridges
    • Bug 20838: Uncomment NX01 default obfs4 bridge
    • Bug 20840: Rotate ports a third time for default obfs4 bridges
  • OS X
    • Bug 20121: Create Seatbelt profile(s) for Tor Browser
  • Linux
    • Bug 20352: Integrate sandboxed-tor-browser into our Gitian build
    • Bug 20758: Make Linux sandbox build deterministic
    • Bug 10281: Use jemalloc4 and abort on redzone corruption

Tor Browser 6.0.8 released

Tor Browser 6.0.8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Besides updating Firefox to 45.6.0esr which is fixing important security bugs we ship the latest Tor stable version, 0.2.8.11. HTTPS-Everywhere is updated as well (to 5.2.8) and we make improvements to our default obfs4 bridges.

Here is the full changelog since 6.0.7:

  • All Platforms
    • Update Firefox to 45.6.0esr
    • Update Tor to 0.2.8.11
    • Update Torbutton to 1.9.5.13
    • Update HTTPS-Everywhere to 5.2.8
    • Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
    • Bug 20837: Activate iat-mode for certain obfs4 bridges
    • Bug 20838: Uncomment NX01 default obfs4 bridge
    • Bug 20840: Rotate ports a third time for default obfs4 bridges

Tor Browser 6.5a5 is released

Tor Browser 6.5a5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2) and a fix of our updater code so it can handle unix domain sockets.

The Firefox security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

A note to Linux users: We still require the same update procedure as experienced during the update to 6.5a4: a dialog will be shown asking to either set `app.update.staging.enabled` or `extensions.torlauncher.control_port_use_ipc` and `extensions.torlauncher.socks_port_use_ipc` to `false` (and restart the browser in the latter case) before attempting to update. The fix for this problem is shipped with this release and we will be back to a normal update experience with the update to 6.5a6. We are sorry for this inconvenience.

Here is the full changelog since 6.5a4:

  • All Platforms
    • Update Firefox to 45.5.1esr
    • Update NoScript to 2.9.5.2
  • Linux
    • Bug 20691: Updater breaks if unix domain sockets are used

Tor Browser 6.5a5-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a5-hardened distribution directory and on the download page for hardened builds.

This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2) and a fix of our updater code so it can handle unix domain sockets.

The Firefox security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

Note regarding updating: We still require the same update procedure as experienced during an update to 6.5a4-hardened: a dialog will be shown asking to either set `app.update.staging.enabled` or `extensions.torlauncher.control_port_use_ipc` and `extensions.torlauncher.socks_port_use_ipc` to `false` (and restart the browser in the latter case) before attempting to update. The fix for this problem is shipped with this release and we will be back to a normal update experience with the update to 6.5a6-hardened. We are sorry for this inconvenience.

Here is the full changelog since 6.5a5-hardened:

  • All Platforms
    • Update Firefox to 45.5.1esr
    • Update NoScript to 2.9.5.2
    • Bug 20691: Updater breaks if unix domain sockets are used

Tor Browser 6.0.7 is released

Tor Browser 6.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2).

The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.

Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.

We will have alpha and hardened Tor Browser updates out shortly. In the meantime, users of these series can mitigate the security flaw in at least two ways:

1) Set the security slider to "High" as this is preventing the exploit from working.
2) Switch to the stable series until updates for alpha and hardened are available, too.

Here is the full changelog since 6.0.6:

  • All Platforms
    • Update Firefox to 45.5.1esr
    • Update NoScript to 2.9.5.2

Update: We would like to remind everyone that we (The Tor Project) are having our 2016 fundraising campaign! Donate today!

Tor Browser 6.5a4-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a4-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.5-alpha, HTTPS-Everywhere to 5.2.7, and OpenSSL to 1.0.2j.

This release includes numerous bug fixes and improvements. Most notably we improved our Unix domain socket support by resolving all the issues that showed up in the previous alpha and by making sure all connections to tor (not only the control port related ones) are using this feature now.

Additionally, we fixed a lot of usability bugs, most notably those caused by our window resizing logic. We moved the relevant code out of Torbutton into a C++ patch which we hope to get upstreamed into Firefox. We improved the usability of our security slider as well by reducing the amount of security levels available and redesigning the custom mode.

Finally, we added a donation banner shown in some localized bundles starting on Nov 23 in order to point to our end-of-the-year 2016 donation campaign.

For those who want to know in which ways the alpha and the hardened series differ: check out the discussion we had on the tbb-dev mailing list a while back.

Update (11/16 2213UTC): We currently have problems with our auto-updater at least on Linux systems. The updates are downloaded but don't get applied for yet unknown reasons. We therefore have decided to disable the automatic updates until we understand the problem and provide a fix for it. Progress on that task can be tracked in ticket 20691 in our bug tracker. We are sorry for this inconvenience. Fresh bundles are available on our download page, though.

Update (11/18 0937UTC): We enabled the updates again with an information prompt. One of the following workarounds can be used to avoid the updater error:

  • in about:config, set app.update.staging.enabled to false before attempting to update
  • in about:config, set extensions.torlauncher.control_port_use_socket to false (disabling the control port Unix domain socket) and restart the browser before attempting to update

Here is the full changelog since 6.5a3-hardened:

  • All Platforms
    • Update Firefox to 45.5.0esr
    • Update Tor to tor-0.2.9.5-alpha
    • Update OpenSSL to 1.0.2j
    • Update Torbutton to 1.9.6.7
      • Bug 20414: Add donation banner on about:tor for 2016 campaign
      • Bug 20111: Use Unix domain sockets for SOCKS port by default
      • Bug 19459: Move resizing code to tor-browser.git
      • Bug 20264: Change security slider to 3 options
      • Bug 20347: Enhance security slider's custom mode
      • Bug 20123: Disable remote jar on all security levels
      • Bug 20244: Move privacy checkboxes to about:preferences#privacy
      • Bug 17546: Add tooltips to explain our privacy checkboxes
      • Bug 17904: Allow security settings dialog to resize
      • Bug 18093: Remove 'Restore Defaults' button
      • Bug 20373: Prevent redundant dialogs opening
      • Bug 20388+20399+20394: Code clean-up
      • Translation updates
    • Update Tor Launcher to 0.2.11.1
      • Bug 20111: Use Unix domain sockets for SOCKS port by default
      • Bug 20185: Avoid using Unix domain socket paths that are too long
      • Bug 20429: Do not open progress window if tor doesn't get started
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.7
    • Update meek to 0.25
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
    • Bug 20304: Support spaces and other special characters for SOCKS socket
    • Bug 20490: Fix assertion failure due to fix for bug 20304
    • Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
    • Bug 20442: Backport fix for local path disclosure after drag and drop
    • Bug 20160: Backport fix for broken MP3-playback
    • Bug 20043: Isolate SharedWorker script requests to first party
    • Bug 20123: Always block remote jar files
    • Bug 20244: Move privacy checkboxes to about:preferences#privacy
    • Bug 19838: Add dgoulet's bridge and add another one commented out
    • Bug 19481: Point the update URL to aus1.torproject.org
    • Bug 20296: Rotate ports again for default obfs4 bridges
    • Bug 20651: DuckDuckGo does not work with JavaScript disabled
    • Bug 20399+15852: Code clean-up
    • Bug 15953: Weird resizing dance on Tor Browser startup
  • Build System
    • All Platforms
Syndicate content Syndicate content