New Tor Browser Bundles

by erinn | October 1, 2011

The Tor Browser Bundles have been updated to Firefox 7.0.1 and Tor 0.2.2.33. The bundles were originally uploaded with Firefox 7.0, but a fix was quickly released, so the two changelogs have been merged in this post.

https://www.torproject.org/download

Tor Browser Bundle (2.2.33-2)

Windows fixes

  • Begin building Vidalia with DEP/ASLR

OS X fixes

  • Stop TBB from logging so much information to the system by only allowing dyld log library loads to syslog when it is in debug mode (closes: #4093)

General fixes and updates

  • Update Firefox to 7.0.1
  • Update OpenSSL to 1.0.0e (closes: #3996) (except for OS X)
  • Update Tor to 0.2.2.33
  • Update NoScript to 2.1.2.8
  • Downgrade HTTPS Everywhere to 1.0.3, because we don't want stable TBBs to use development versions of extensions (closes: #4050)

Comments

Please note that the comment area below has been archived.

September 30, 2011

Permalink

every time i update with these new builds my aurora and extension settings are forgotten. also something that bugs me is even though i have it set not to resize the window it always opens resized. thanks. also when are we going to have a way to run other apps through tor like in other builds when polipo was still included?

It depends on which settings you mean. In general, the whole profile from last ver can be copied / restored to new TTB. Many general user set prefs are in prefs.js. Others - if you or some extension, etc., has made changes to userChrome.css or userContent.css, are stored there.

My TBB is extracted to D: drive, so path to the profile folder in TBB is:

D:\Program Files (x86)\Security\Tor Browser 2.2.32-4\Tor Browser\FirefoxPortable\Data\profile

If you BU the old profile w/ an addon like FEBE or stand alone prgm for Firefox / Tbird - "MozBackup" - (or copy / zip / winRAR it), before extracting new TBB (if into same folder as last ver), you can save old settings.

Be aware - copy ONLY files from the PROFILE folder. Other folders / files from new FF or TBB vers, shouldn't be replaced w/ older versions, or fixes / changes in the new ver may not be there. At worst, FF / TBB might not work at all.

September 30, 2011

Permalink

The value of HTTPS for some Websites is questionable since the URL itself is not encrypted. For example, a newspaper website may allow for a HTTPS connection, but what is the value of the HTTPS if the URL indicates your interest? If you click on an article, the URL will likely be something like https://abcnewspaper.com/prices-of-oranges-going-up. Also, if you search the website, the search terms will show up in the URL. For instance, if you search https://abcnewspaper.com for "ford escort", the URL of the search results will be something like https://abcnewspaper.com/query=ford+escort Obviously, not too hard to figure out what you're doing at the website.

October 01, 2011

Permalink

hi.tnx for new release.i am from Iran and yahoo mail seems blocked and gmail work suspectly!(i don't know that it is blocked and banned by yahoo company (like messenger) or blocked inside of iran) i download this new release and test it.it work only by bridges under this suspect conditions!
thanks

October 01, 2011

Permalink

F-me! WFT is up with Mozillia?!! Can't they get their act together and stop releasing full version updates every effing week?! I mean WFT is up with them, do they not have sound code review process?

They release more often to keep the users up-to-date with their latest development progress and security improvements. You should get used to that, the world may change faster than you like. It's "Mozilla", btw.

They have. Please inform yourself, read their wiki, before complaining!
There are people testing Nightlies, there are people (like myself) testing Aurora and then there are supported (which means, if you find a security hole you will get money and stuff) Betas starting about one month before the release.

The only problem so far are extensions. Mozilla is working hard on this. The API will become (or already is) much more stable.

Besides that there are still older supported releases - the 3.x branch, if you are still not happy.

No they do not, I am very well informed. Up until release of 5x they didn't release major version updates every effing week. Yes, some instances are not their fault like Comodogate and the most recent Dutch debacle, however, they are still off their game.

I will complain all I like when it's warranted, which is the case here. Using a browsers in Tor Bundle that can't stop updating major version every effing week if a fail. Mostly because lots and lots of Tor Browser users won't update that often, they either don't know they should or don't bother. Either way there screwed. Not everyone can sit around all day waiting for Mozilla to release the new full version update ...

I sure wish Nick (or is it Roger?) would finish work on Thandy (or is it Tandy?) already! It's a major PITA to update to a new Tor Browser once a week, moving over all bookmarks, custom settings, custom security add-ons, etc. And not only that, but many users aren't ware that they NEED to update, which puts them in a bad place.

All in all, Molizza needs to get the effing wax out of its ears and wake the eff up!

Either that or Tor should move to Robert Hogans web browser once it's in good enough shape ...

Dude, unless "effing" means "six" in your language, you're way out of line with your comments. They do not release every week, a new version is released every 6 weeks. If there are any additional releases, they are due to zero-day security issues they can't predict. 7.0.1 is the only version outside of the 6-weeks release cycle thus far that doesn't have any security fixes, but how does it affect Tor Browser users? The TBB with 7.0 wasn't even advertised on the Tor blog. All you have to do to remain safe is to check this blog every couple of days and see if there are any new TBB. You can blame Mozilla all you want, but the policy to push security fixes and general improvements sooner rather than later is necessary nowadays. The world around you is changing rapidly and if you're not willing to keep up, prepare to be at risk and blame no one but yourself.

Where have you been? They released 4x, then only ~3 months later they released 5x (on June 21st, 2011), then 6x (on about Aug 15) then 7x (Sep 27, 2011). So, unless you and I use different math, they *are not* releasing on 6 week schedule. Don't you just hate those things called *FACTS*?! So that's 5x, 6x and 7x all within less than four months. And I noted Comodogate and the recent Dutch debacle in my last post. BTW, don't call me "dude".

You seem to be missing the point: most people don't have the time, understanding or option to check the Tor blog every week for the newest Firefox 'fix'. I know this because I spend some of my time helping non-tech savvy people use Tor and learn about Tor. They all complain about how often they have to update of late. And yes, TBB with Firefox 7.01 was posted about here. You need to stop assuming everyone speaks and reads English as well as you do, and that they understand Tor and Firefox as well as you do. Unless you only care about yourself, other less tech savvy be damned?

The *point* is many people using TBB (I assume) are not using the current release because *so many* TBB releases have been coming around of late. It's a major issue with many people, those I speak with anyway, re using out of date TBB because they don't know better. This is a major security and anonymity fail.

Native Firefox will download important updates for the user, not so with TBB. Hence, I bemoaned the fact Nick is taking his sweet time in releasing Thandy. According to a message Mike posted to me at the fly spray (https://trac.torproject.org/projects/tor/ticket/3970), he's unsure if Nick is even still focusing on Thandy bugs and Thandy won't be ready for Windows for at least a few more months. At the rate Firefox is releasing updates it will be at version 10 before Thandy is ready!

Due to the fact there have been *many* full version updates to TBB (re Firefox) of late, I think it's imperative that Thandy be released, sooner rather than later. The dangers from using out of date Firefox (via TBB) are quite troubling, re Comododate and Dutch debacle which had Tor Project certs, IIRC.

Now, stop defending Firefox, or at least use something called a fact when you do ...

And yes, in case you didn't realise it, I was using hyperbole wrt "Fireox ... release major version updates every effing week.". I used hyperbole to drive home the very valid points I'm making and you're poo-pooing because you seem to think everyone is just like you.

October 01, 2011

Permalink

hi.there is not any plan to release tor for symbian os?we befor have used opera mini to intermet browsing.but it is blocked.the bolt browser is similatr to opera mini but it is unable to show unicode,specially farsi fonts.tnx

October 01, 2011

Permalink

i hope you publish all comment without gate keeping.the purpose of share ideas and report the events/bugs/ are helping the bodies in tor to improve and expand their nice job.we all need the freedom,specially in cyber world and need security:the tor project aim

October 01, 2011

Permalink

i hope you publish all comment without gate keeping.the purpose of share ideas and report the events/bugs/ are helping the bodies in tor to improve and expand their nice job.we all need the freedom,specially in cyber world and need security:the tor project aim

October 02, 2011

Permalink

Hi
I have a question about the benefits of Mozilla add-on called "RefControl". Is it safe to install this add-on beside NoScript and HTTPS Everywhere and Torbutton? What does exactly "RefControl" do?
Thanks

RefControl blocks the referrer from being sent so that websites will no longer know what site you were viewing before theirs. You do not need this with the Tor Browser because Torbutton already blocks cross-site referrers.

Unfortunately, the lack of a referrer occasionally will prevent a person from navigating to a prior web page using their "back" button in their browser. The Ref Control addon solves this problem while still maintaining privacy by identifying the website you're visiting as the referrer. So, if you're at xyz.com, it will tell xyz.com that xyz.com is the referrer. If you then move to yyy.com, it will tell yyy.com that yyy.com is the referrer. This maintains the browser's navigation functionality while ensuring privacy.

When you load a website, the website can obtain from your browser the website you previously visited. Some people feel this is intrusive and install Ref Control to, as the name suggests, "control" whether your browser discloses your previously visited website.

October 04, 2011

Permalink

My experience with the previous version was that the Noscript buttons did not work. I am experiencing the same problem with this version. I say 'thank you' to the Tor team. You are helping a lot of people bypass darkness.

October 04, 2011

Permalink

I really appreciate your efforts, but I suffer from Flash Player in Firefox because it's instillation is prohibited in the work place and under the Administrator's authority .
My hope is to add a Flash Player in each new version of TOR Bundles
So that I can browse the sites which uses Flash Player and beat Administrator authority.

October 04, 2011

Permalink

I really appreciate your efforts, but I suffer from Flash Player in Firefox because it's instillation is prohibited in the work place and under the Administrator's authority .
My hope is to add a Flash Player in each new version of TOR Bundles
So that I can browse the sites which uses Flash Player and beat Administrator authority.

October 04, 2011

Permalink

I really appreciate your efforts, but I suffer from Flash Player in Firefox because it is prohibited in the work and installing it is under the authority of the Administration.
My hope is to add a Flash Player in each new version of the TOR Bundle browser
So that I can browse the sites uses Flash Player and beat the Administrator.

October 05, 2011

Permalink

tanks

October 06, 2011

Permalink

WHY are you DEVELOPERS still using AURORA instead of actual, full-version, current FIREFOX 7.0.1?

I know they are THE SAME... So why not use FIREFOX? It only confuses users to see AURORA.

October 06, 2011

In reply to phobos

Permalink

my default internet browser is opera.i thinks it work better than the firefox but in new version it have several bug that they do not correct it in several release!the nasty bug that make me nervous.i suggest you learn as a post,how we can make our tor bundle and insert each components like internet browser(the secure one) wish to work.i hope you enable the tor forum page to be a source of knowledge.thanks

October 08, 2011

In reply to phobos

Permalink

I like the name Aurora. Over the years my perception of Firefox
changed from the better browser to privacy risk due to its
increasing integretation of functions sending data to Google.
Aurora is a ray of hope to the betterment.

October 10, 2011

In reply to phobos

Permalink

Why then MR. SCIENTIST, Did you use FIREFOX in the past? You are only using AURORA since 6.x and 7.x versions of FIREFOX. Weren't the trademark rights an issue with the earlier Firefox versions??

Calm down, mate. There's no need to take that attitude. Of course the problem existed before and now Tor's working on dealing with it. It's not like they can go back in time and change all earlier versions to something less likely to result in future copyright and trademark problems. The fact is, no matter how much you shout, Tor isn't going back to branded Firefox.

The issue is, up until 5x, IIRC, Tor did not compile Firefox with their own patches. And when they started to do so for the SOCKS patch, they *had* to rename it. Otherwise it would still be called Firefox, I assume.

And please drop the attitude, these people are here to help you and help the world. Please to try show some respect.

October 07, 2011

Permalink

Hello!
Please help solve the problem.
version 2.2.33-2 has worked very well, but today it does not start - I do not know the reasons. XP/
Error from libevent: event.c:1413: Assertion base failed in event_base_get_method
Thank You!

October 10, 2011

Permalink

I am no longer able to use IE Explorer to set windows programs to use TOR as the proxy. With the previous version (Vidalia 0.2.12 / Tor 0.2.1.3 / Qt 4.6.2), I was able to select "Use a proxy server for your LAN" under IE Explorer Network Settings. Address: 127.0.0.1 Port: 8118.

The same settings fail with the newest TOR version.

I appreciate your help and recommendations on how to get the newest version working. Thanks in advance!

October 10, 2011

Permalink

What is "Test Plug-in 1.0.0.0" which comes with Aurora and Tor Browser Bundle (it's shown inside Aurora's Add-ons Manager at "Plugins". Is Test Plug-in 1.0.0.0 safe or is it a virus?

October 10, 2011

Permalink

I have same issue as people above with this New Tor bundle download, can't get Tor to start
log message is:

Oct 11 17:07:38.601 [Warning] Warning from libevent: evsig_init: socketpair: Software caused connection abort [WSAECONNABORTED ]
Oct 11 17:07:38.601 [Warning] Warning from libevent: evthread_make_base_notifiable: socketpair: Software caused connection abort [WSAECONNABORTED ]
Oct 11 17:07:38.601 [Error] Error from libevent: event.c:1413: Assertion base failed in event_base_get_method

October 11, 2011

Permalink

Do you the programmers and makers of Tor and Tor Browser Bundle check the source code of the various addons added to the Tor Browser Bundle such as HTTPS everywhere and NoScript before they are added to the Bundle?

October 22, 2011

Permalink

Im using tor but while in not using the net a lot of data gets uploaded i can see that but does that mean my personal data is still being uploaded?

October 24, 2011

Permalink

iam alwaya getting this أكتوبر 25 03:17:49.545 [Error] libevent call with win32 failed: No buffer space available [WSAENOBUFS ] [10055] why???

October 24, 2011

Permalink

iam alwaya getting this أكتوبر 25 03:17:49.545 [Error] libevent call with win32 failed: No buffer space available [WSAENOBUFS ] [10055] why???aأكتوبر 25 03:27:44.883 [Error] Reading config failed--see warnings above.أكتوبر 25 03:27:44.883 [Warning] Failed to parse/validate config: Failed to bind one of the listener ports.

October 30, 2011

Permalink

excuse my ignorance
can i just keep the version i currently have running, when i click on the green onion icon it shows Vidalia 0.2.12 and also Tor as 0.2.1. 30 Qt 4. 6. 2 , will it still work as normal even though i keep getting prompts at start up saying "its outdated"
I still use Firefox3.5 as browser

October 30, 2011

Permalink

Hello, I use Vidalia 0.2.10 + Tor 0.2.1.30. Since a few days I always get a message that this version is outdated. I dl the new Tor Browser Bundle but didn't get it running. I always get these ErrorMessages:
Warning from libevent: evsig_init: socketpair: Permission denied [WSAEACCES ]
Warning from libevent: evthread_make_base_notifiable: socketpair: Permission denied [WSAEACCES ]
Error from libevent: event.c:1413: Assertion base failed in event_base_get_method

I get a lot of hits in Google to these messages, but never a solution or an explanation - not even on your Tor-Site!
So maybe someone could tell what's the problem or how to avoid these messages and how to get Tor running.
Or can I still use my old VidaliaBundle? Or are there security concerns, because of the message shown on every start?
I think it's important to know about these issues - so it would be really great if someone could clearify about them. Thanks.

December 12, 2011

Permalink

I'm using (Firefox Torbundle) Aurora 8.0 such a great package.
Before with older versions i was able to login into mail.yahoo.com
but lately it refuses with message password / login incorrect?!
If i use normal Firefox v8.0 with noscript and https everywhere loggin in into yahoo mail goes without any problem???
Anybody had this too?

Ditto. Also https://mail.yahoo.com/. I cant get the "sign in" button on said web page to activate, no matter what I do. It works for other email sign in pages. Any thoughts?

Ditto. Also https://mail.yahoo.com/. I cant get the "sign in" button on said web page to activate, no matter what I do. It works for other email sign in pages. Any thoughts?

Ditto. Also https://mail.yahoo.com/. I cant get the "sign in" button on said web page to activate, no matter what I do. It works for other email sign in pages. Any thoughts?

December 18, 2011

Permalink

In Aurora 8.1 nothing happends when clicking on login button to mail.yahoo.com
Anybody has this as well? Is this because of yahoo mail or because aurora 8.1 ???

The problem does not stem from ymail. It is definitely Tor-Aurora, since Opera and Firefox have no issues accessing ymail without tor. Two things I've noticed that lead me to suspect a JavaScript bug in Tor-Aurora -

1 - the sign in button does not work most of the time

2 - when it does work then there is a password / login incorrect error generated,at which point the email login page should refresh with a box instructing you to enter a string of digits and numbers to confirm that you're human. This is missing.

Sometimes you can force the issue and gain access by clicking on help and reentering your password but this takes forever. Notice I stated Tor-Aurora since Aurora may not be the sole culprit.

Please Tor Browser creators clean up the bugs so Tor Browser can remain useful.

Thanks

January 19, 2012

Permalink

Unable to set option: Failed to bind one of the listener ports. i have this massege when i try to configure exitnode to specific country - please help ?? thank you

February 13, 2012

Permalink

i'm getting this error "libevent call with win32 failed: No buffer space available [WSAENOBUFS ] [10055]" and suddenly tor exit. please help me, how to resolve this problem. I googled, but didn't find any solution for this problem, which can resolve my problem. Thanks in advance.

April 01, 2012

Permalink

what is the problem with tor browser???

I get the last version

I am not able use the TOR???!!!

I still get error massage "No Buffer space available" and it exit

clearing temp files,history and cookies<