New Tor Browser Bundles

The Tor Browser Bundles have been updated to Firefox 7.0.1 and Tor 0.2.2.33. The bundles were originally uploaded with Firefox 7.0, but a fix was quickly released, so the two changelogs have been merged in this post.

https://www.torproject.org/download

Tor Browser Bundle (2.2.33-2)

Windows fixes

  • Begin building Vidalia with DEP/ASLR

OS X fixes

  • Stop TBB from logging so much information to the system by only allowing dyld log library loads to syslog when it is in debug mode (closes: #4093)

General fixes and updates

  • Update Firefox to 7.0.1
  • Update OpenSSL to 1.0.0e (closes: #3996) (except for OS X)
  • Update Tor to 0.2.2.33
  • Update NoScript to 2.1.2.8
  • Downgrade HTTPS Everywhere to 1.0.3, because we don't want stable TBBs to use development versions of extensions (closes: #4050)
Anonymous

September 30, 2011

Permalink

every time i update with these new builds my aurora and extension settings are forgotten. also something that bugs me is even though i have it set not to resize the window it always opens resized. thanks. also when are we going to have a way to run other apps through tor like in other builds when polipo was still included?

It depends on which settings you mean. In general, the whole profile from last ver can be copied / restored to new TTB. Many general user set prefs are in prefs.js. Others - if you or some extension, etc., has made changes to userChrome.css or userContent.css, are stored there.

My TBB is extracted to D: drive, so path to the profile folder in TBB is:

D:\Program Files (x86)\Security\Tor Browser 2.2.32-4\Tor Browser\FirefoxPortable\Data\profile

If you BU the old profile w/ an addon like FEBE or stand alone prgm for Firefox / Tbird - "MozBackup" - (or copy / zip / winRAR it), before extracting new TBB (if into same folder as last ver), you can save old settings.

Be aware - copy ONLY files from the PROFILE folder. Other folders / files from new FF or TBB vers, shouldn't be replaced w/ older versions, or fixes / changes in the new ver may not be there. At worst, FF / TBB might not work at all.

Anonymous

September 30, 2011

Permalink

The value of HTTPS for some Websites is questionable since the URL itself is not encrypted. For example, a newspaper website may allow for a HTTPS connection, but what is the value of the HTTPS if the URL indicates your interest? If you click on an article, the URL will likely be something like https://abcnewspaper.com/prices-of-oranges-going-up. Also, if you search the website, the search terms will show up in the URL. For instance, if you search https://abcnewspaper.com for "ford escort", the URL of the search results will be something like https://abcnewspaper.com/query=ford+escort Obviously, not too hard to figure out what you're doing at the website.

Anonymous

October 01, 2011

Permalink

thanks.do you removed the DigiNotar root certificates from aurora browser?

Anonymous

October 01, 2011

Permalink

hi.tnx for new release.i am from Iran and yahoo mail seems blocked and gmail work suspectly!(i don't know that it is blocked and banned by yahoo company (like messenger) or blocked inside of iran) i download this new release and test it.it work only by bridges under this suspect conditions!
thanks

Anonymous

October 01, 2011

Permalink

F-me! WFT is up with Mozillia?!! Can't they get their act together and stop releasing full version updates every effing week?! I mean WFT is up with them, do they not have sound code review process?

They release more often to keep the users up-to-date with their latest development progress and security improvements. You should get used to that, the world may change faster than you like. It's "Mozilla", btw.

They have. Please inform yourself, read their wiki, before complaining!
There are people testing Nightlies, there are people (like myself) testing Aurora and then there are supported (which means, if you find a security hole you will get money and stuff) Betas starting about one month before the release.

The only problem so far are extensions. Mozilla is working hard on this. The API will become (or already is) much more stable.

Besides that there are still older supported releases - the 3.x branch, if you are still not happy.

No they do not, I am very well informed. Up until release of 5x they didn't release major version updates every effing week. Yes, some instances are not their fault like Comodogate and the most recent Dutch debacle, however, they are still off their game.

I will complain all I like when it's warranted, which is the case here. Using a browsers in Tor Bundle that can't stop updating major version every effing week if a fail. Mostly because lots and lots of Tor Browser users won't update that often, they either don't know they should or don't bother. Either way there screwed. Not everyone can sit around all day waiting for Mozilla to release the new full version update ...

I sure wish Nick (or is it Roger?) would finish work on Thandy (or is it Tandy?) already! It's a major PITA to update to a new Tor Browser once a week, moving over all bookmarks, custom settings, custom security add-ons, etc. And not only that, but many users aren't ware that they NEED to update, which puts them in a bad place.

All in all, Molizza needs to get the effing wax out of its ears and wake the eff up!

Either that or Tor should move to Robert Hogans web browser once it's in good enough shape ...

Dude, unless "effing" means "six" in your language, you're way out of line with your comments. They do not release every week, a new version is released every 6 weeks. If there are any additional releases, they are due to zero-day security issues they can't predict. 7.0.1 is the only version outside of the 6-weeks release cycle thus far that doesn't have any security fixes, but how does it affect Tor Browser users? The TBB with 7.0 wasn't even advertised on the Tor blog. All you have to do to remain safe is to check this blog every couple of days and see if there are any new TBB. You can blame Mozilla all you want, but the policy to push security fixes and general improvements sooner rather than later is necessary nowadays. The world around you is changing rapidly and if you're not willing to keep up, prepare to be at risk and blame no one but yourself.

Where have you been? They released 4x, then only ~3 months later they released 5x (on June 21st, 2011), then 6x (on about Aug 15) then 7x (Sep 27, 2011). So, unless you and I use different math, they *are not* releasing on 6 week schedule. Don't you just hate those things called *FACTS*?! So that's 5x, 6x and 7x all within less than four months. And I noted Comodogate and the recent Dutch debacle in my last post. BTW, don't call me "dude".

You seem to be missing the point: most people don't have the time, understanding or option to check the Tor blog every week for the newest Firefox 'fix'. I know this because I spend some of my time helping non-tech savvy people use Tor and learn about Tor. They all complain about how often they have to update of late. And yes, TBB with Firefox 7.01 was posted about here. You need to stop assuming everyone speaks and reads English as well as you do, and that they understand Tor and Firefox as well as you do. Unless you only care about yourself, other less tech savvy be damned?

The *point* is many people using TBB (I assume) are not using the current release because *so many* TBB releases have been coming around of late. It's a major issue with many people, those I speak with anyway, re using out of date TBB because they don't know better. This is a major security and anonymity fail.

Native Firefox will download important updates for the user, not so with TBB. Hence, I bemoaned the fact Nick is taking his sweet time in releasing Thandy. According to a message Mike posted to me at the fly spray (https://trac.torproject.org/projects/tor/ticket/3970), he's unsure if Nick is even still focusing on Thandy bugs and Thandy won't be ready for Windows for at least a few more months. At the rate Firefox is releasing updates it will be at version 10 before Thandy is ready!

Due to the fact there have been *many* full version updates to TBB (re Firefox) of late, I think it's imperative that Thandy be released, sooner rather than later. The dangers from using out of date Firefox (via TBB) are quite troubling, re Comododate and Dutch debacle which had Tor Project certs, IIRC.

Now, stop defending Firefox, or at least use something called a fact when you do ...

And yes, in case you didn't realise it, I was using hyperbole wrt "Fireox ... release major version updates every effing week.". I used hyperbole to drive home the very valid points I'm making and you're poo-pooing because you seem to think everyone is just like you.

Anonymous

October 01, 2011

Permalink

hi.there is not any plan to release tor for symbian os?we befor have used opera mini to intermet browsing.but it is blocked.the bolt browser is similatr to opera mini but it is unable to show unicode,specially farsi fonts.tnx

Anonymous

October 01, 2011

Permalink

i hope you publish all comment without gate keeping.the purpose of share ideas and report the events/bugs/ are helping the bodies in tor to improve and expand their nice job.we all need the freedom,specially in cyber world and need security:the tor project aim

Anonymous

October 01, 2011

Permalink

i hope you publish all comment without gate keeping.the purpose of share ideas and report the events/bugs/ are helping the bodies in tor to improve and expand their nice job.we all need the freedom,specially in cyber world and need security:the tor project aim

Anonymous

October 02, 2011

Permalink

Hi
I have a question about the benefits of Mozilla add-on called "RefControl". Is it safe to install this add-on beside NoScript and HTTPS Everywhere and Torbutton? What does exactly "RefControl" do?
Thanks

RefControl blocks the referrer from being sent so that websites will no longer know what site you were viewing before theirs. You do not need this with the Tor Browser because Torbutton already blocks cross-site referrers.

Unfortunately, the lack of a referrer occasionally will prevent a person from navigating to a prior web page using their "back" button in their browser. The Ref Control addon solves this problem while still maintaining privacy by identifying the website you're visiting as the referrer. So, if you're at xyz.com, it will tell xyz.com that xyz.com is the referrer. If you then move to yyy.com, it will tell yyy.com that yyy.com is the referrer. This maintains the browser's navigation functionality while ensuring privacy.

When you load a website, the website can obtain from your browser the website you previously visited. Some people feel this is intrusive and install Ref Control to, as the name suggests, "control" whether your browser discloses your previously visited website.

Anonymous

October 04, 2011

Permalink

My experience with the previous version was that the Noscript buttons did not work. I am experiencing the same problem with this version. I say 'thank you' to the Tor team. You are helping a lot of people bypass darkness.

Anonymous

October 04, 2011

Permalink

I really appreciate your efforts, but I suffer from Flash Player in Firefox because it's instillation is prohibited in the work place and under the Administrator's authority .
My hope is to add a Flash Player in each new version of TOR Bundles
So that I can browse the sites which uses Flash Player and beat Administrator authority.

Anonymous

October 04, 2011

Permalink

I really appreciate your efforts, but I suffer from Flash Player in Firefox because it's instillation is prohibited in the work place and under the Administrator's authority .
My hope is to add a Flash Player in each new version of TOR Bundles
So that I can browse the sites which uses Flash Player and beat Administrator authority.

Anonymous

October 04, 2011

Permalink

I really appreciate your efforts, but I suffer from Flash Player in Firefox because it is prohibited in the work and installing it is under the authority of the Administration.
My hope is to add a Flash Player in each new version of the TOR Bundle browser
So that I can browse the sites uses Flash Player and beat the Administrator.

Anonymous

October 05, 2011

Permalink

tanks

Anonymous

October 06, 2011

Permalink

WHY are you DEVELOPERS still using AURORA instead of actual, full-version, current FIREFOX 7.0.1?

I know they are THE SAME... So why not use FIREFOX? It only confuses users to see AURORA.

my default internet browser is opera.i thinks it work better than the firefox but in new version it have several bug that they do not correct it in several release!the nasty bug that make me nervous.i suggest you learn as a post,how we can make our tor bundle and insert each components like internet browser(the secure one) wish to work.i hope you enable the tor forum page to be a source of knowledge.thanks

I like the name Aurora. Over the years my perception of Firefox
changed from the better browser to privacy risk due to its
increasing integretation of functions sending data to Google.
Aurora is a ray of hope to the betterment.

Why then MR. SCIENTIST, Did you use FIREFOX in the past? You are only using AURORA since 6.x and 7.x versions of FIREFOX. Weren't the trademark rights an issue with the earlier Firefox versions??

Calm down, mate. There's no need to take that attitude. Of course the problem existed before and now Tor's working on dealing with it. It's not like they can go back in time and change all earlier versions to something less likely to result in future copyright and trademark problems. The fact is, no matter how much you shout, Tor isn't going back to branded Firefox.

The issue is, up until 5x, IIRC, Tor did not compile Firefox with their own patches. And when they started to do so for the SOCKS patch, they *had* to rename it. Otherwise it would still be called Firefox, I assume.

And please drop the attitude, these people are here to help you and help the world. Please to try show some respect.

Anonymous

October 07, 2011

Permalink

Hello!
Please help solve the problem.
version 2.2.33-2 has worked very well, but today it does not start - I do not know the reasons. XP/
Error from libevent: event.c:1413: Assertion base failed in event_base_get_method
Thank You!

Anonymous

October 10, 2011

Permalink

I am no longer able to use IE Explorer to set windows programs to use TOR as the proxy. With the previous version (Vidalia 0.2.12 / Tor 0.2.1.3 / Qt 4.6.2), I was able to select "Use a proxy server for your LAN" under IE Explorer Network Settings. Address: 127.0.0.1 Port: 8118.

The same settings fail with the newest TOR version.

I appreciate your help and recommendations on how to get the newest version working. Thanks in advance!

Anonymous

October 10, 2011

Permalink

What is "Test Plug-in 1.0.0.0" which comes with Aurora and Tor Browser Bundle (it's shown inside Aurora's Add-ons Manager at "Plugins". Is Test Plug-in 1.0.0.0 safe or is it a virus?

Anonymous

October 10, 2011

Permalink

I have same issue as people above with this New Tor bundle download, can't get Tor to start
log message is:

Oct 11 17:07:38.601 [Warning] Warning from libevent: evsig_init: socketpair: Software caused connection abort [WSAECONNABORTED ]
Oct 11 17:07:38.601 [Warning] Warning from libevent: evthread_make_base_notifiable: socketpair: Software caused connection abort [WSAECONNABORTED ]
Oct 11 17:07:38.601 [Error] Error from libevent: event.c:1413: Assertion base failed in event_base_get_method

Anonymous

October 11, 2011

Permalink

Do you the programmers and makers of Tor and Tor Browser Bundle check the source code of the various addons added to the Tor Browser Bundle such as HTTPS everywhere and NoScript before they are added to the Bundle?