Tor Browser 6.5.1 is released
This release features important security updates to Firefox.
This is the first minor release in the 6.5 series and it mainly contains updates to several of our Tor Browser components: Firefox got updated to 45.8.0esr, Tor to 0.2.9.10, OpenSSL to 1.0.2k, and HTTPS-Everywhere to 5.2.11.
Additionally, we updated the bridges we ship with Tor Browser and fixed some regressions that came with our last release.
In Tor Browser 6.5 we introduced filtering of content requests to resource:// and chrome:// URIs in order to neuter a fingerprinting vector. This change however breaks the Session Manager addon. Users who think having extensions like that one working is much more important than avoiding the possible information leakage associated with that can now toggle the 'extensions.torbutton.resource_and_chrome_uri_fingerprinting' preference, setting it to 'true' to disable our defense against this type of fingerprinting.
An other regression introduced in Tor Browser 6.5 is the resizing of the window. We are currently working on a fix for this issue.
Here is the full changelog since 6.5:
- All Platforms
- Update Firefox to 45.8.0esr
- Tor to 0.2.9.10
- OpenSSL to 1.0.2k
- Update Torbutton to 220.127.116.11
- Update HTTPS-Everywhere to 5.2.11
- Bug 21514: Restore W^X JIT implementation removed from ESR45
- Bug 21536: Remove scramblesuit bridge
- Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
- Bug 21326: Update the "Using a system-installed Tor" section in start script
Somebody commenting here should know more.
I have read little, but it looks like the claims of exploitable devices are old claims.
If we search more, we should find a security site that outlines the initial exploit of ios or android.
I don't think anyone has leaked the actual infection tools.
I think android uses orfox as android version of Tor browser?
Ios has no Tor browser?
iOS has Onion Browser, available with source code, now donation based.