tor browser bundle

New Tor Browser Bundles and alpha bundles

The stable Tor Browser Bundles have been updated to fix a crash bug that existed in the previous version. If you were experiencing problems, please update and let us know if you have any further problems.

All alpha bundles have also been updated to Tor 0.2.3.23-rc. We've downgraded the Firefox version in the alpha Tor Browser Bundles to 10.0.9esr and will continue to keep the same version of Firefox in both bundles for the foreseeable future. In addition to that, the Linux and OS X versions have automatic port selection re-enabled, so those of you who were experiencing trouble running a concurrent system Tor on those systems should no longer have any issues.

All users who were using Tor 0.2.3.22-rc are strongly encouraged to upgrade.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

Tor Browser Bundle (2.2.39-4)

  • Update Firefox patches to prevent crashing (closes: #7128)
  • Update HTTPS Everywhere to 3.0.2
  • Update NoScript to 2.5.8

Tor Browser Bundle (2.3.23-alpha-1)

  • Update Tor to 0.2.3.23-rc
  • Update Firefox to 10.0.9esr
  • Update HTTPS Everywhere to 4.0development.1
  • Update NoScript to 2.5.8
  • Re-enable automatic Control and SOCKS port selection on Linux and OSX

New Tor Browser Bundles

All of the stable Tor Browser Bundles have been updated with the latest Firefox 10.0.9esr release.

https://www.torproject.org/download/download-easy.html.en

Further notes about Tor Browser Bundle updates:

Tor Browser Bundle (2.2.39-3)

  • Update Firefox to 10.0.9esr
  • Update Torbutton to 1.4.6.3
  • Update NoScript to 2.5.7
  • Update HTTPS Everywhere to 2.2.2
  • Update libpng to 1.5.13

New bundles (security release)

New Bundles (security release)

All of the available bundles of Tor have been updated for the latest stable Tor 0.2.2.39 release and the 0.2.3.22-rc release. These releases fix a remote crash bug found in Tor and all users and relays are STRONGLY encouraged to update immediately.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

The random port selection has been temporarily disabled in the Linux and Mac OS X alpha bundles. Most of you probably didn't notice any random port selection happpening at all, but if you encounter a problem running a system Tor and your Tor Browser Bundle at the same time, you can switch to the stable bundles for now. The next update should have a fix that allows us to re-enable automatic port selection.

Tor Browser Bundle (2.2.39-1)

  • Update Tor to 0.2.2.39
  • Update NoScript to 2.5.4

Tor Browser Bundle (2.3.22-alpha-1)

  • Update Tor to 0.2.3.22-rc
  • Temporarily use fixed Control and SOCKS ports as a workaround for #6803

New Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.07esr release.

https://www.torproject.org/download

Tor Browser Bundle (2.2.38-2)

  • Update Firefox to 10.0.7esr
  • Update Libevent to 2.0.20-stable
  • Update NoScript to 2.5.2
  • Update HTTPS Everywhere to 2.2.1

New Tor Browser Bundles

The Tor Browser Bundles have been updated with a bunch of new software: Tor 0.2.2.37, Vidalia 0.2.19, and we have switched to using Firefox's long-term stable release (10.0.5esr).

https://www.torproject.org/download

Tor Browser Bundle (2.2.37-1)

  • Update Tor to 0.2.2.37
  • Switch Firefox to 10.0.5esr, since we will be tracking the extended stable releases for TBB stable versions
  • Update Vidalia to 0.2.19
  • Update Torbutton to 1.4.6
  • Update NoScript to 2.4.4

New Tor Browser Bundles

The Tor Browser Bundles and other packages have all been updated to the latest Tor 0.2.2.36 stable version.

https://www.torproject.org/download

Tor Browser Bundle (2.2.36-1)

  • Update Tor to 0.2.2.36
  • Update NoScript to 2.3.4
  • Update HTTPS Everywhere to 2.0.5

New Tor Browser Bundles for Windows

The Windows Tor Browser Bundles have been updated to fix a security issue which could allow attackers to retrieve the path that the Tor Browser Bundle was installed in. All Windows users are strongly encouraged to update.

https://www.torproject.org/download

Windows Tor Browser Bundle (2.2.35-13)

  • Fix Firefox build to sanitize file paths (closes: #5922)

New Tor Browser Bundles

The Tor Browser Bundles have all been updated to the latest OpenSSL 1.0.1c. All users are strongly encouraged to update.

https://www.torproject.org/download

Tor Browser Bundle (2.2.35-12)

  • Update OpenSSL to 1.0.1c
  • Update Libevent to 2.0.19-stable
  • Update zlib to 1.2.7
  • Update NoScript to 2.4.1

New Tor Browser Bundles (security release)

The Tor Browser Bundles have been updated with a very important security fix. As explained in the previous blog post, a user discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This is now fixed and we strongly encourage all users to update. There are a few other bugfixes in this release, including really fixing (for real this time!) the problem with the Mac OS X bundles crashing.

https://www.torproject.org/download

Tor Browser Bundle (2.2.35-11)

  • Security release to stop TorBrowser from bypassing SOCKS proxy DNS configuration
  • New Firefox patches:
    • Prevent WebSocket DNS leak (closes: #5741)
    • Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715)
  • Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722)
  • Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc (closes: #5740)

Firefox security bug (proxy-bypass) in current TBBs

A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. This bug is present in current Tor Browser Bundles (2.2.35-9 on Windows; 2.2.35-10 on MacOS and Linux).

To fix this dns leak/security hole, follow these steps:

  1. Type “about:config” (without the quotes) into the Firefox URL bar. Press Enter.
  2. Type “websocket” (again, without the quotes) into the search bar that appears below "about:config".
  3. Double-click on “network.websocket.enabled”. That line should now show “false” in the ‘Value’ column.

See Tor bug 5741 for more details. We are currently working on new bundles with a better fix.

Syndicate content Syndicate content