Tor Browser 6.0.3 is released

Tor Browser 6.0.3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 45.3.0esr. Additionally, it bumps NoScript to 2.9.0.12, HTTPS-Everywhere to 5.2.1, disables asmjs, removes meek-google and contains a few other bug fixes.

Note: Due to bug 19410, the incremental update will not work on OS X for users who installed the previous version using the .dmg file. The internal updater should still work, though, by doing a complete update instead.

Update (August 11, 10:04 UTC): Starting a couple of hours ago, Tor Browser users might see a notification box in their browser claiming that Firefox is too old and providing a button to get a newer one. This is due both to a server-side code change on Mozilla's side and to an oversight by us during the ESR45 transition. Clicking on the "Get Firefox" button is safe and leads the user to our Tor Browser download page. Needless to say, this whole behavior is highly confusing and we apologize for it. We are working on a fix as quickly as possible and hope to get Mozilla to exempt Tor Browser users from this feature while we are working on a new release. For technical details see our bug tracker.

Here is the full changelog since 6.0.2:

  • All Platforms
    • Update Firefox to 45.3.0esr
    • Update Torbutton to 1.9.5.6
    • Update HTTPS-Everywhere to 5.2.1
    • Update NoScript to 2.9.0.12
    • Bug 19715: Disable the meek-google pluggable transport option
    • Bug 19714: Remove mercurius4 obfs4 bridge
    • Bug 19585: Fix regression test for keyboard layout fingerprinting
    • Bug 19515: Tor Browser is crashing in graphics code
    • Bug 18513: Favicon requests can bypass New Identity
  • OS X
    • Bug 19269: Icon doesn't appear in Applications folder or Dock
  • Android
    • Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined

Anonymous

August 03, 2016

Ever since the TBB 6.0.1 (Windows) update, pictures such as avatars don't show anymore on Twitter apps. The captcha image on a private paste service doesn't show either. I checked on other browsers and they show, but they don't show on TBB.

I checked Google for the problem and found this old post:

https://blog.torproject.org/blog/tor-browser-50a3-released

++++

On July 7th, 2015 Anonymous said:
It's gotten really slower and stopped showing pictures on twitter

On July 8th, 2015 Anonymous said:
I can confirm problems on Twitter (no pictures shown), also I'm not able to right-click on Twitter and see the context menu and it always shows the cookie warning on top of the page.

On July 9th, 2015 Anonymous said:
Confirmation - no pictures on Twitter. Also tweet button does not show up, and am unable to use the search function on twitter.

On July 9th, 2015 arma said:
https://bugs.torproject.org/16528

++++

I tried the about:config fix it shows from last year mentioned on https://trac.torproject.org/projects/tor/ticket/16528 and it doesn't work for me. That link is from last year.

The laptop I'm currently working on is Windows Vista. The Twitter-linked sites I've noticed this on are Hootsuite and unfollowing/follower sites such as statusbrew.com and who.unfollowed.me. Those are all web-based Twitter apps. No mobile. This has all happened ever since the TBB 6.0.1 (Windows) update.

Anonymous

August 03, 2016

Just updated. Everything was stable and fine before; now things grind to a halt and freeze. What have you done?

I am on Windows 10. Also runs Firefox 48.0 with no problem at all.

Anonymous

August 03, 2016

thanks

Anonymous

August 04, 2016

thanks!

Anonymous

August 04, 2016

After presumably auto-updating, TBB now no longer launches under 10.7.x :(

Anonymous

August 04, 2016

I manually checked for this update in Torbutton (check only in Options). It downloaded 6.0.3 and asked for restart. I closed Torbutton window, but nothing changed in hamburger menu. But when I opened Check for Tor Browser Update again, then the icon & "Restart Tor Browser to apply updates" appeared there!

Anonymous

August 04, 2016

thanks

Anonymous

August 04, 2016

TypeError: this._recipeManager is null LoginManagerParent.jsm:185:9

Anonymous

August 04, 2016

thanks

Anonymous

August 04, 2016

geoip in TBB 6.0.3 is from December 2015.
Why this old version?
Newer ones are from "June 7 2016"(0.2.8.4-rc - 2016-06-15)
and "July 6 2016"(0.2.8.6 - 2016-08-02).

What's the reason for the old geoip version in TBB 6.0.3?

Anonymous

August 04, 2016

Only 2 of the 6 transports work. OBFS3 and OBFS4 are the only transports working? I tried this from a few addresses; the last was public IP 63.92.230.41.

Anonymous

August 04, 2016

If I have an older version of a Mac, what's another good website I can use like Tor?

Anonymous

August 05, 2016

nice

Anonymous

August 05, 2016

The Tor Browser (6.0.2) keeps on crashing on Mac OS X (10.11.6). I can't visit a site for more than 1 minute before it crashes and I have to restart. I recently updated (6.0.3) but nothing changed; I'm having the same problem.

Anonymous

August 05, 2016

Hello,

I asked this question recently, but you seemingly overlooked it, so I will try again.

I cannot access a website with Tor and wish to enquire if you know why. It is a forum for techniques that enable skin growth. Here is the link:
http://foreskinrestoration.vbulletin.net/

Please publish this query as your help would be very valuable to me. I desperately need to use the forum again via Tor (for personal nature of the content).

Thank you.

Anonymous

August 05, 2016

Immediately after update to 6.0.3, bridge connections all fail within minutes and logs fill with "Giving up on marked_for_close conn that's been flushing for 15s" messages. Also and more troubling (perhaps related) after closing the browser as gracefully as possible (tor has now been crashing, causing the browser to freeze) its processes and those of the transports always appear to remain resident.

Anonymous

August 05, 2016

thanks

Anonymous

August 06, 2016

I don't think there is a general thread so I'm posting this here.

I found the following article from:

https://thehackernews.com/2016/07/tor-anonymity-node.html

"Another blow to the Tor Project: One of the Tor Project's earliest contributors has decided to quit the project and shut down all of the important Tor nodes under his administration.
Lucky Green was part of the Tor Project before the anonymity network was known as TOR. He probably ran one of the first 5 nodes in the TOR network at its inception and managed special nodes inside the anonymity network."

What will this mean for the many (grateful) users of TOR?

Thanks

Probably not much; maybe some slight slowdown, but that quote is sensationalizing it. There's a thread in the Mailing List archive that you can look up, which was probably where The Hacker News found out about it in the first place.

This is part of the reason why I don't read them, along with their dumbing-down of everything to the point that they butcher the concepts involved.

Anonymous

August 06, 2016

I am using Windows. When I start the browser I see a black strip across the bottom (underneath the NoScript banner). This black strip only disappears if I maximize the browser.

I also get inconsistent browser resolutions. For example, I usually see a browser window that has a short height, but if I maximize first and then create a new window or new identity then the new window has a longer height. I believe this problem is tied to the screen resolution that I am using (but I'm not sure what is causing the problem of the black strip across the bottom of the browser which I described above).

These problems already existed in previous versions.

Anonymous

August 06, 2016

Little bit off-topic but bad crypto on MSWindows:

"we present a new technique for hiding malware (encrypted and unencrypted) inside a digitally signed file (while still keeping the file with a valid certificate) and executing it from the memory, using a benign executable (which acts as a reflective EXE loader, written from scratch). Our research demonstrates our Certificate Bypass tool and the Reflective EXE Loader."

Anonymous

August 06, 2016

Question on Tails 2.5:

Tails 2.5 is from August 2, 2016.
libc -very essential- has a very big and important patch on August 4, 2016.

Is this a problem?

1. Link to above:
https://www.sourceware.org/ml/libc-alpha/2016-08/msg00212.html

2. Update mechanism in FreeBSD vulnerable to man-in-the-middle attacks.
Linux, too(?).
https://github.com/libarchive/libarchive/issues/743
"We have other documents, dated 2014 and 2015, detailing attacks against the update systems of multiple Linux distributions and the corresponding defenses against "the adversary.""

Anonymous

August 07, 2016

greets

This version of TBB is crashing browsing the average popular web sites.
I don't mean to complain and appreciate the hard work gone into TBB but this seems to be a basic Firefox stability issue?!

Mr Blue