Tor Browser 6.0.6 is released

Tor Browser 6.0.6 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release is updating Firefox to 45.5.0esr. Moreover, other components got an update as well: Tor to 0.2.8.9, HTTPS-Everywhere to 5.2.7, and OpenSSL to 1.0.1u.

We fixed a lot of usability bugs, some caused by Apple's macOS Sierra (meek did not work anymore and windows could not be dragged either). We moved directly to DuckDuckGo as our search engine avoiding a roundtrip to Disconnect.me first. Finally, we added a donation banner shown in some localized bundled starting on Nov 23 in order to point to our end-of-the-year 2016 donation campaign.

Here is the full changelog since 6.0.5:

  • All Platforms
    • Update Firefox to 45.5.0esr
    • Update Tor to 0.2.8.9
    • Update OpenSSL to 1.0.1u
    • Update Torbutton to 1.9.5.12
      • Bug 20414: Add donation banner on about:tor for 2016 campaign
      • Translation updates
    • Update Tor Launcher to 0.2.9.4
      • Bug 20429: Do not open progress window if tor doesn't get started
      • Bug 19646: Wrong location for meek browser profile on OS X
    • Update HTTPS-Everywhere to 5.2.7
    • Update meek to 0.25
      • Bug 19646: Wrong location for meek browser profile on OS X
      • Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
    • Bug 19838: Add dgoulet's bridge and add another one commented out
    • Bug 20296: Rotate ports again for default obfs4 bridges
    • Bug 19735: Switch default search engine to DuckDuckGo
    • Bug 20118: Don't unpack HTTPS Everywhere anymore
  • Windows
    • Bug 20342: Add tor-gencert.exe to expert bundle
  • OS X
    • Bug 20204: Windows don't drag on macOS Sierra anymore
    • Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
  • Build system
    • All platforms

Hereafter the message (I try to rewrite because it is not possible to copy it)

"Tor Launcher

Tor exited during startup. This might be due to an error in your torrc file, a bug in Tor or another program on your systeme, or faulty hardware. Until you fix the underlying problem and restard Tor, Tor Browser will not start.

Button "OK" and button "Restart Tor"

Did you happen to test an alpha version of Tor Browser recently? The symptoms look like that. What happens in this case is that your stable Tor Browser is using the same browser profile than the alpha one but both are not compatible at the moment.

You can avoid that problem by removing the old TorBrowser-Data folder in your Library/Application Support directory (which is in your home directory) before starting a new 6.0.6. See https://trac.torproject.org/projects/tor/ticket/20300#comment:8 for some help on how to find this folder.

If you did not use a Tor Browser alpha recently it would be super helpful if you could help us debug this problem. https://trac.torproject.org/projects/tor/ticket/20300#comment:11 has some instructions and we would be very glad to see the debug output.

Thanks!

khled.8@hotmai.com

November 16, 2016

Permalink

thank

khled.8@hotmai.com

November 16, 2016

Permalink

Has this update been installed on my computer automatically?

I'm a senior citizen and unfortunately computer illiterate,so I had to ask this question.

If it wasn't automatically installed,then how do I install it?

Thank you.

If you start Tor Browser you should see "Tor Browser 6.0.6" in the upper right corner of your browser window. If you see an older version you have not updated yet.

khled.8@hotmai.com

November 16, 2016

Permalink

Gracias

tor-browser-linux64-6.0.6_en-US.tar.xz

this bug is still present: https://trac.torproject.org/projects/tor/ticket/20339

gracias

Will version 6.0.6 be available via gettor?

I'm STILL getting google 404 error, 403. That’s an error.

Your client does not have permission to get URL. How do i fix that? if it's fixable of course...

For democracy-hating services that censor all articles from anyone who wants to read them anonymously;
https://ixquick.com https://startpage.com/ or even https://archive.org/web/
Never use Google. They hate freedom, and hate liberty.

>google ?
if you was payed from them you should say : god saves google !
lol

Updated to 6.0 now when I go to load it I get a could not load XPCOM how do I fix this?

You mean 6.0.6? Which version did you use before? My first guess is your Antivirus/Firewall software is not liking Tor Browser anymore. Could you give us a more detailed error message?

Same problem.
Running WIN7 and AVAST, updated Windows prior to TOR update and TOR ran quite fine.
Updated to TOR 6.0.6 in the TOR browser and started getting "Can't load XPCOM" error.
Removed TOR, reinstalled from TOR site same error.
Installed Firefox browser runs just fine.
Removed AVAST still XPCOM error.
Removed TOR rolled back Windows updates and reinstalled TOR same error message.
Any information appreciated.
thanks for running TOR and keep up the good work.

Update on above.
I updated Win7 and Avast with out TOR installed.
Installed 6.0.6 Same Error "Can't load XPCOM"
Removed TOR.
Found a copy of TOR 6.0.5 which ran like a champion.
Shut down TOR 6.0.5 and re-opened TOR from shortut, Auto updated to 6.0.6 and error message re-appeared "Can't load XPCOM"
CJ

That's sad to hear. I am not sure what process on your system is still interfering with Tor Browser here. Could you give us a more detailed error log by chance?

Does this help?
Description
Faulting Application Path: C:\Users\Christopher\Desktop\Tor Browser\Browser\firefox.exe

Problem signature
Problem Event Name: APPCRASH
Application Name: firefox.exe
Application Version: 45.5.0.0
Application Timestamp: 00000000
Fault Module Name: xul.dll
Fault Module Version: 45.5.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 01efe89c
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 3081
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

Extra information about the problem
Bucket ID: 1190358135

XPCOM errors are a sign of being infected by the "Windows" trojan.
Remove that malware by installing QubesOS and choosing a clean install. This is the absolute minimum reasonable computer safety.

No script's drop down menus flicker out so you can't point at them successfully with the mouse

If you click it as a normal button, it'll work as a normal menu instead of hint-like one.

What is "normal button"? When you click on it the next set of choices appear and flicker out and then you can't click the next choice because they disappeared.

Hmm, the testcase where it appears was found, and it's actually not only a NoScript issue (webpage is constantly updating its content), but if you want you can report it to Maone's Forum. Does context (right-click) menu work for you?

Hover, left click, right click, same results.

u publish comments?

Various entities have various blogs accessible at blog.torproject.org. Some of them, e.g. Tails and some TP employees, have chosen not to enable posting in their blogs. Others enable posting but lack time to repel all the spam, so many legitimate comments/replies are not posted. It's frustrating but when you consider all the things that a handful of TP employees are doing, and consider the seriousness of technical and political threats from governments such as the USG, China, Saudi Arabia, or Russia, you see that this issue is unavoidable just now.

Make sure cookies are enabled. Everhthing I posted here with cookies disabled never showed up. Blocking 3rd part cookies is omay though.

i really thanks to all tor parents,good jop

The default list of web contents search engines are something to do with google or yahoo, do they send the privacy data to them?

Only if you actually search with those engines or have search suggestions enabled.

You can't take Tor Project seriously when they keep compiling it with OpenSSL instead of LibreSSL.

How many times have we been hit with OpenSSL vulnerabilities?

When is the Tor Project going to make the switch?

This.

Patches welcome xD

I don't know if they've considered it yet, but if so I would bet it comes down to the fact that the developers already have a lot to do, and no one else has taken the time to do the migration and submit a patch. There also might be portability or other concerns holding up the process. IRC would probably be the best place to discuss it with the developers first, then possibly the bug tracker.

I share your frustration, but making a major change introduces the possibility of breaking Tor security in another way. So the proposed change is something to consider, and probably worthwhile if the devs conclude it can be done safely, but I doubt they have the time right now.

So many threats... sigh...

LibreSSL is a drop in replacement of OpenSSL, they share the same API.

The biggest differences are LibreSSL ripped out all the insecure bs from OpenSSL, and LibreSSL uses a standard memory allocator instead of the NSA induced customized OpenSSL memory allocator that was carefully crafted to bypass OS memory protection, allowing important information such as cert keys to stay in memory forever, exposing them to various vulnerabilities.

If you are new to Tor, you have to watch this LibreSSL video to understand how dangerous OpenSSL is:

Youtube search:
LibreSSL: The first 30 days, and what the Future Holds

As far back as 2015, reports (some clear, others obscure) indicated that vulnerabilities were identified by various agencies w/in the US.

It went on to say that those vulnerabilities were exploited, and in fact are in the process (2016) of being classified as National Security software, therefore the code is not being released to the public domain.

One of the tenants of security software development and deployment is that developers usually need a second set of eyes on the effort. Basically because at times, developers are too close to the trees to see the forest. Fresh minds and fresh approaches are more likely to float areas the the originators simply didn't think of as they worked deep inside the application/function.

With the newest release (and perhaps prior ones) is the TBB more effective in removing or severely curtailing such hacks during our use of the TBB?

I sure believe in and support the TBB. I'm just curious to understand if this vulnerability has been remediated.

Thank you for your time and consideration.

What the hell. Now DDG doesn't work at all. Yes, I deleted my previous install and installed 6.0.6 anew. Neither url-bar search or search-bar search (tls DDG nor .onion DDG) works. It did the first, fresh instance I used it. Then I renewed Identity and now all I get is this error message after being re-directed to DDG's standard search page:
"Oops, there was an error. Please try again."
"If it persists, please email ops@duckduckgo.com"
Either this is a universal problem at this moment on DDG's end or something was screwed up in the new Tor Browser search engine tweaks.

That should be fixed now. I contacted the DDG team and they looked into it.

Oh and I'm on Linux

I'm the person who commented about 6.0.6 DDG not working correctly. It seems the problem was on DDG's side. It now works as it should again. Thanks for your great work, Tor team!

Im having trouble, i try to download it then Norton says "fewer than 5 users used this file", and it was recognized as "WS.Reputation.1", and removed.

If you have "Norton" or "McAfee" errors it means there is a big problem with your computer.
These errors mean it has "Windows" which is very bad for you and for everyone your computer can connect to.
For anyone who is tech-savvy enough to search for "QubesOS", it is easy enough to install. No command-line/terminal/complicated stuff. It will makd your computer much more safe for yourself and those it connects to than leaving "Windows" on it will.
Best wishes.

I have updated today 18 NOV 2016 the TOR BROWSER to 6.0.6.version.

The McAFFE antivirus has detected four Trojans during the installation and deleted them.
Trojans have been detected as Artemis!39E8FB7DB6F9
Artemis!A8B534817E99
Artemis!EB71C6C55A6D
Artemis!5DEFB87498BC

File were on the Pluggable Transports folder
meek client ,
obfs4proxi
termianteproc.

Hi everyone,

Same happened to me but MCAfee only deteced one Trojan, named => Artemis!5DEFB87498BC,put in quarantine

+My Tor Browser do not functin as before. Can't get any Startup symbol. I have to reinstall Tor, every time/every day!?

I read about that Tor has spy-ware...but its the first time I've noticed it.

/Just saying...

My McAfee Security has also identified and quarantined the first
of the aforementioned Trojans:
Artemis!A8B534817E99
It was in the same location (meek.)
Is it advisable to manually search for the others? Also, what threat does this class of Trojans pose? The only information I found was that there are a multitude of them.
Most importantly, is it safe to use this this release that I downloaded?
I'm quite new at this stuff.

Yep same here same infections found

During update 2mins ago, I received the exact same Trojan warnings on McAfee

I'm getting the same thing