tor browser bundle
The Tor Browser Bundles have been updated with a bunch of new software: Tor 0.2.2.37, Vidalia 0.2.19, and we have switched to using Firefox's long-term stable release (10.0.5esr).
Tor Browser Bundle (2.2.37-1)
- Update Tor to 0.2.2.37
- Switch Firefox to 10.0.5esr, since we will be tracking the extended stable releases for TBB stable versions
- Update Vidalia to 0.2.19
- Update Torbutton to 1.4.6
- Update NoScript to 2.4.4
The Tor Browser Bundles and other packages have all been updated to the latest Tor 0.2.2.36 stable version.
Tor Browser Bundle (2.2.36-1)
- Update Tor to 0.2.2.36
- Update NoScript to 2.3.4
- Update HTTPS Everywhere to 2.0.5
The Windows Tor Browser Bundles have been updated to fix a security issue which could allow attackers to retrieve the path that the Tor Browser Bundle was installed in. All Windows users are strongly encouraged to update.
Windows Tor Browser Bundle (2.2.35-13)
- Fix Firefox build to sanitize file paths (closes: #5922)
The Tor Browser Bundles have been updated with a very important security fix. As explained in the previous blog post, a user discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This is now fixed and we strongly encourage all users to update. There are a few other bugfixes in this release, including really fixing (for real this time!) the problem with the Mac OS X bundles crashing.
Tor Browser Bundle (2.2.35-11)
- Security release to stop TorBrowser from bypassing SOCKS proxy DNS configuration
- New Firefox patches:
- Prevent WebSocket DNS leak (closes: #5741)
- Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715)
- Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722)
- Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc (closes: #5740)
A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. This bug is present in current Tor Browser Bundles (2.2.35-9 on Windows; 2.2.35-10 on MacOS and Linux).
To fix this dns leak/security hole, follow these steps:
- Type “about:config” (without the quotes) into the Firefox URL bar. Press Enter.
- Type “websocket” (again, without the quotes) into the search bar that appears below "about:config".
- Double-click on “network.websocket.enabled”. That line should now show “false” in the ‘Value’ column.
See Tor bug 5741 for more details. We are currently working on new bundles with a better fix.
We recently switched our build machine to Lion (OS X 10.7) which had some unintended effects on the Firefox/TorBrowser build. After consulting with Mozilla developers, Sebastian Hahn was able to nail down the problem and provide a fix. The Mac OS X Tor Browser Bundles have been updated so they should stop crashing for everyone now. Thanks for your patience!
Tor Browser Bundle (2.2.35-10)
- Make TorBrowser stop crashing on random websites by building with clang instead of llvm-gcc. (closes: #5697)
The Tor Browser Bundles have all been updated to the latest Firefox 12.0 as well as a number of other software updates, bugfixes, and new features. We've rebranded Firefox so it should now be more easy to distinguish between it and your normal Firefox. We've also added Korean and Vietnamese to the available languages.
UPDATE: The Mac OS X 64-bit bundles had a minor Vidalia problem that prevented TorBrowser from being launched. They have been updated to 2.2.35-9.1 and are now available on the website.
Tor Browser Bundle (2.2.35-9)
- Update Firefox to 12.0
- Update OpenSSL to 1.0.1b
- Update Libevent to 2.0.18-stable
- Update Qt to 4.8.1
- Update Libpng to 1.5.10
- Update HTTPS Everywhere to 2.0.2
- Update NoScript to 2.3.9
- Rebrand Firefox to TorBrowser (closes: #2176)
- New Firefox patches
- Make Download Manager memory-only (closes: #4017)
- Add DuckDuckGo and Startpage to Omnibox (closes: #4902)
- Add Steven Michaud's OS X crash fix patch. It doesn't fix #5021 but will hopefully help us debug further. See also:
- Make the 32-bit Tor Browser Bundle compatible with OS X 10.5
We're aware that the Tor Browser version 2.2.35-8 doesn't work on OS X 10.5.8. Ticket 4263 is open to track the issue. We just purchased a Mac Mini as the new build machine. It is in process of being setup and configured for builds. We should have more progress on solving the issue in the next week or so. Thanks for your patience.
There are new alpha Tor Browser Bundles and Vidalia Bundles available for testing!
These bundles include the latest Vidalia 0.3.1 alpha release and Tor 0.2.3.12-alpha.
Right now they are technology previews, so they aren't on the main download page yet, but please try them out and give us feedback in our bug tracker.
Mac OS X
There are also normal Vidalia bundles available for Windows and 32-bit non-ppc OS X (10.5 and up) here:
Mac OS X