Tor Browser 6.0.3 is released

Tor Browser 6.0.3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 45.3.0esr. Additionally, it bumps NoScript to 2.9.0.12, HTTPS-Everywhere to 5.2.1, disables asmjs, removes meek-google and contains a few other bug fixes.

Note: Due to bug 19410, on OSX the incremental update will not be working for users who installed the previous version using the .dmg file. The internal updater should still work, though, doing a complete update.

Update (August 11, 10:04 UTC): Starting from a couple of hours ago Tor Browser users might see a notification box in their browser claiming that Firefox is too old providing a button to get a newer one. This is both due to a server-side code change on Mozilla's side and an oversight by us during the ESR45 transition. Clicking on the "Get Firefox" button is safe and leads the user to our Tor Browser download page. Needless to say, this whole behavior is highly confusing and we apologize for it. We are working on a fix as quickly as possible and hope to get Mozilla to exempt Tor Browser users from this feature while we are working on a new release. For technical details see our bug tracker.

Here is the full changelog since 6.0.2:

All Platforms
- Update Firefox to 45.3.0esr
- Update Torbutton to 1.9.5.6
  - Bug 19417: Disable asmjs for now
  - Bug 19689: Use proper parent window for plugin prompt
- Update HTTPS-Everywhere to 5.2.1
- Update NoScript to 2.9.0.12
- Bug 19715: Disable the meek-google pluggable transport option
- Bug 19714: Remove mercurius4 obfs4 bridge
- Bug 19585: Fix regression test for keyboard layout fingerprinting
- Bug 19515: Tor Browser is crashing in graphics code
- Bug 18513: Favicon requests can bypass New Identity
OS X
- Bug 19269: Icon doesn't appear in Applications folder or Dock
Android
- Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined

Could you get a stack trace

Could you get a stack trace from your crashes by downloading the debug symbols and starting Tor Browser as mentioned on https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#Us…?

Where to get Tor version

Where to get Tor version from Tor Browser?

<br />
$ ./Browser/TorBrowser/Tor/tor --version<br />
./Browser/TorBrowser/Tor/tor: symbol lookup error: ./Browser/TorBrowser/Tor/tor: undefined symbol: evutil_secure_rng_set_urandom_device_file<br />

Browser -> Menu -> About -> (Nothing about Tor version).

This press release -> again nothing about Tor Version.

And https://trac.torproject.org/ does not work (Connection refused).

Please fix!

Starting with

Starting with `./start-tor-browser.desktop --debug` in your terminal should be enough to see the tor version there.

With this release I've

With this release I've noticed that Tor periodically stops running and has to be relaunched, which it does without closing any of the windows. I don't know whether this is a bug. It's random. Never happened with any of the previous releases I've used. There are no steps to reproduce it.

There's definitely something

There's definitely something wrong with this release. In addition to the above, now Tor browser gives me a message that 'Your Firefox is out of date. Please download a fresh copy'. Yet obviously the Tor browser itself is up-to-date.

Any comment on these anomalies?

See the update to the blog

See the update to the blog post above.

Bad Bug in MSWindows

Bad Bug in MSWindows Microsoft won't patch?

http://www.theregister.co.uk/2016/08/02/smb_attack_is_back/
http://witch.valdikss.org.ru/

Im using Torbrowser 6.0.3.

Im using Torbrowser 6.0.3. Today suddenly a yellow bar located under the url and above the website area showed up when i startet Torbrowser and said, that firefox is outdated and i have to update it, but when clicking on the update button the tor website with version 6.0.3 (which i already have) shows up. What to do ?

Linux UBUNTU 14.04 Tor

Linux UBUNTU 14.04
Tor 6.03
11-7-2016

https://abu-pessoptimist.blogspot.nl/--> -->

https://abu-pessoptimist.blogspot.de/

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies.
-----------------------------------------------------

I changed nothing in configuration of TOR

"Your Firefox is out of

"Your Firefox is out of date. Please download a fresh copy." Should I update Firefox or not?

The new version says "Your

The new version says "Your Firefox is out of date. Please download a fresh copy." The button take me to https://www.torproject.org/download/download-easy.html where the latest version of Tor is 6.0.3 and that is what is running!

"We are working on a fix as

"We are working on a fix as past as possible and hope to get Mozilla to exempt Tor Browser users from this feature" - yep, as past. Nice attempt from Mozilla to raise attention that Tor Browser really uses outdated by security features Firefox which needs to be updated.

I've just installed TOR 603

I've just installed TOR 603 and on starting it says "firefox is out of date".

'About' shows I'm now on TBB

'About' shows I'm now on TBB v6.0.3 (based on Mozilla Firefox 45.3.0) but, for the last day or two, I get a banner with 'Your Firefox is out of date. Please download a fresh copy.' and an embedded 'Get Firefox' button that takes me to the main TBB downloads page, offering me a fresh download of this same current version.

tor

tor 6.0.3
https://check.torproject.org
say
Sorry. You are not using Tor.

For the last day or so,

For the last day or so, every time I launch TOR, I get a message to say that my Firefox is out of date (I am using TOR 6.0.3). When I click on the download link, I get the same 6.0.3 that I am already running. Or I THINK it is the same...

A bug or what? Please advise.

Thanks

thank you for Tor!!!! so

thank you for Tor!!!! so much!

Please help. I'm using TBB

Please help.
I'm using TBB on Linux and this version (6.0.3) shows me a message saying "Your Firefox is out of date. Please download a fresh copy". I thought something went wrong during an update, so I deleted the folder and extracted a newly downloaded version to a new one, but now after a browser restart, the problem appears again. How come no one has mentioned it yet?

To: Tails developers I refer

To: Tails developers

I refer to the security vulnerability discussed on the page whose URL is https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5696

According to the page, it states: net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.

Would you be rolling out an updated version once Debian has issued a patch for it?

Hi, my 6.0.3 Tor Browser

Hi,

my 6.0.3 Tor Browser gives a Message "Your Firefox is out of date. Please download a fresh copy."

Is this normal? Tor is up to date when I check it with "Check for Tor Browser Update...."

Thanxs.

Is NSA censoring these

Is NSA censoring these comments? I had a question regarding a bug in this version and it hasn't been approved.

No. Most of the time we just

No. Most of the time we just lack the time for answering blog comments as they show up.

"Sorry. You are not using

"Sorry. You are not using Tor."

These ip addresses seem to keep interfering with Tornetwork on a frequent basis, 104.156.228.156, 108.61.226.16, 209.95.50.25, 104.200.154.73, 108.61.123.66, 172.98.67.97 .
Would it make sense or is it possible to block redirects to these non Tor circuit ip addresses?

Thank you very much for

Thank you very much for Tor!
But the latest version doesn't work in China.

Thank you very much for

Thank you very much for Tor!
But the latest version doesn't work in China.

How did you manage to arrive at this page to post your feedback?

I tried another software. I

I tried another software. I have more than 5. If one fails then switch to another one. But I want to keep Tor in my arsenal and expect it to work.

the error message: Tor

the error message:

Tor failed to establish a Tor network connection.

Establishing an encrypted directory connection failed (done - 0.0.2.0:3).

sometimes it's 0.0.2.0:2

Fixed. It's caused by my own

Fixed. It's caused by my own mistake.
Thank you.

I just installed a clean

I just installed a clean version of tor and when trying to access it I received this message, mind you I am not using a proxy and am able to access the internet without tor, so I don't understand how to fix this, I have never had this problem before this version...please help! Thank you in advance.

PS USING TOR 6.0.3

8/13/2016 16:09:09 PM.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
8/13/2016 16:09:09 PM.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
8/13/2016 16:09:09 PM.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
8/13/2016 16:09:09 PM.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150
8/13/2016 16:09:09 PM.500 [NOTICE] Bootstrapped 5%: Connecting to directory server
8/13/2016 16:09:09 PM.700 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
8/13/2016 16:09:10 PM.100 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection
8/13/2016 16:09:10 PM.200 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus
8/13/2016 16:09:10 PM.300 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus
8/13/2016 16:09:10 PM.700 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
8/13/2016 16:10:11 PM.300 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
8/13/2016 16:11:12 PM.600 [WARN] Received http status code 404 ("Not found") from server '91.121.23.100:8001' while fetching "/tor/keys/fp/585769C78764D58426B8B52B6651A5A71137189A".
8/13/2016 16:12:17 PM.000 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
8/13/2016 16:12:17 PM.000 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
8/13/2016 16:12:17 PM.000 [NOTICE] Closing old Socks listener on 127.0.0.1:9150
8/13/2016 16:12:17 PM.500 [NOTICE] Delaying directory fetches: DisableNetwork is set.

Having the same problem :(

I keep getting this: 'Tor

I keep getting this: 'Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware.'

Is this a bug? Any suggestions how to deal with it or is it just a matter of waiting until the next release?

I did make one change to Tor. I added the 'Mozilla Archive Format' add-on. Could this possibly be causing the problem? I can't imagine why it would though. I suspect a bug, but it doesn't appear that anyone else is mentioning it.

this new version screwed up

this new version screwed up my ability to log into one of my webmail accounts, I suspect something is whacked with one of the plugins such as maybe the NoScript or possibly with Java scripting options that got fouled up when you pushed this download onto my machine and hozed up my ability to use one of my accounts due to this.

btw, this happened on a WINDOZE box as well, I am on Xubuntu currently, latest version.

between the graphics instability which really bites, and this, I'm just about ready to quit using TOR altogether because now of all things, the a$$holes in RU are now blocking the use of it more aggressively and somehow or another they have the ability to watch all nodes going thru their hardware and then blast the user with a big fat warning message I'd prefer not to read again.

thanks for making a very very unstable product even worse guys! really!

So, you are saying a clean

So, you are saying a clean Tor Browser 6.0.2 (https://archive.torproject.org/tor-package-archive/torbrowser/6.0.2/) is working for you and a clean Tor Browser 6.0.3 (https://archive.torproject.org/tor-package-archive/torbrowser/6.0.3/) does not anymore? How can I reproduce that?

only the clean version 6.0.3

only the clean version 6.0.3 was not working, however I discovered the clock on my laptop was a day behind so when I reset clock day and time everything is working now...and than there is new version 6.0.4 is working great now!! Thank you tor!

Is there any need for such a

Is there any need for such a rant?

The TOR developers are doing a great job. The vast majority of people are using it OK. If you are not able to use it - as we are doing - why don't you try reformatting your hard-drive and reloading everything - instead of just automatically blaming TOR.

Stop using TOR. Who will care? Only YOU.