Tor Browser 6.5a2-hardened is released

by boklm | August 3, 2016

A new hardened Tor Browser release is available. It can be found in the 6.5a2-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

In addition to the changes from Tor Browser 6.5a2, this releases integrates Selfrando. For more details about Selfrando integration in Tor Browser, see the Q and A with Georg Koppen and the Selfrando git repository.

Here is the full changelog since 6.5a1-hardened:

  • All Platforms
    • Update Firefox to 45.3.0esr
    • Update Tor to tor-0.2.8.5-rc
    • Update Torbutton to 1.9.6.1
      • Bug 19689: Use proper parent window for plugin prompt
      • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
      • Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
      • Bug 19273: Improve external app launch handling and associated warnings
      • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
    • Update HTTPS-Everywhere to 5.2.1
    • Update NoScript to 2.9.0.12
    • Bug 17406: Include Selfrando into our hardened builds
    • Bug 19417: Disable asmjs for now
    • Bug 19715: Disable the meek-google pluggable transport option
    • Bug 19714: Remove mercurius4 obfs4 bridge
    • Bug 19585: Fix regression test for keyboard layout fingerprinting
    • Bug 19515: Tor Browser is crashing in graphics code
    • Bug 18513: Favicon requests can bypass New Identity
    • Bug 19273: Write C++ patch for external app launch handling
    • Bug 16998: Isolate preconnect requests to URL bar domain
    • Bug 18923: Add script to run all Tor Browser regression tests
    • Bug 19478: Prevent millisecond resolution leaks in File API
    • Bug 19401: Fix broken PDF download button
    • Bug 19411: Don't show update icon if a partial update failed
    • Bug 19400: Back out GCC bug workaround to avoid asmjs crash
    • Bug 19735: Switch default search engine to DuckDuckGo
    • Bug 19276: Disable Xrender due to possible performance regressions
    • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
  • Build System
    • All Platforms

Comments

Please note that the comment area below has been archived.

August 12, 2016

In reply to boklm

Permalink

win 7 home

November 07, 2016

In reply to boklm

Permalink

what the hell is the point in that? Windows is gonna need it the most. Come on, put more work into this!

What's the status of ASan on Windows anyways? I find resources 2-4 years old talking about how the Windows port works decently but is a work in progress, but nothing more recent that definitively says it supports it.

August 03, 2016

Permalink

The Tor Browser ( 6.0.2 ) keeps on crashing on MAC ox ( 10.11.6 ) i can't visit a site for more than 1 minutes before it crashes and have to restart , i recently updated to (6.0.3 ) im having the same problem

August 03, 2016

Permalink

The Tor Browser ( 6.0.2 ) keeps on crashing on MAC ox ( 10.11.6 ) i can't visit a site for more than 1 minutes before it crashes and have to restart , i recently updated ( 6.0.3 ) but nothing change I'm having the same problem

August 04, 2016

Permalink

good

August 05, 2016

Permalink

After updating from the previous version via the auto-updater, i could no longer load https websites.

http worked fine.

I had to do a manual download of the new verison.

Thanks for everything though, Tor helps keep us all safe online.

It's not clear how reliable the onion one is. Apart from that we did not switch from the .onion one either (which you can still select) as we used Disonncect so far.

August 06, 2016

Permalink

I have tested the hardened version since it's inception.

I have had problem with "memory-leak" behavior were my 6GB RAM was
maxed out.

This version seems a little better although it eats a considerable amount of
RAM.

August 06, 2016

Permalink

In Tor Browser 6.0.3
the Add-ons Manager says:
"no script could not be verified for use in tor browser"

Could you give us more details? Does this happen with a fresh 6.0.3 downloaded from our website? Or after an update from a previous Tor Browser version? Which operating system are you using? How can I reproduce your problem?

August 08, 2016

In reply to gk

Permalink

Update from previous version, Win 8. Reinstalled noscript and no problems after

August 08, 2016

Permalink

Hi,
I'm using TorBrowser 6.0.3.
If I click on "New Identity" the middle and exit node change, however the entry node stays the same.
Is this behavior correct?
Greetings.

August 09, 2016

In reply to gk

Permalink

Thank you for your fast response.
I was confused because I remembered someone stating that changing the complete node path regularly would be statistically more secure.

August 10, 2016

Permalink

On start up I am getting message "Your Firefox is out of date. Please download a fresh copy."

I check for new Tor Browser updates but there are none.

I don't think I should click "Get Firefox" which my browser is suggesting.
Why is this?

This is due to a bug in 6.0.3 which went unnoticed so far. Mozilla fixed the issue for us on the server-side to give us time getting a new version out. See the 6.0.3 blog update for details.

September 15, 2016

Permalink

Why has the option to turn javascript on and off in the top left corner disappeared in the latest windows version of tor browser?! I can't even find a blog post about this or comments. What possible reason could there be to do this? This has just caused ongoing problems for the past 45 mins while I try to find an alternative way to do this. Why remove such a useful feature?! The only other option similar I can find is "disable add ons such as flash" - Well this is very unclear whether it has anything to do with java or not as the option was there in previous versions and seemed to have no effect on java. I cannot believe this option has been removed with no explanation and no obvious alternative way to turn this on and off...