New Release: Tor Browser 8.0.1
This release features important security updates to Firefox. Note that we just picked up the necessary patches this time but did not bump the Firefox version to 60.2.1esr as we needed to start building before Mozilla was ready. Thus, users are fine with Tor Browser 8.0.1 even if the Firefox version says 60.2.0esr.
Moreover, Alex Catarineu from Cliqz found a mistake we made that would make it possible to trick a user into installing an unsigned Torbutton extension. Thus, all users are encouraged to update older Tor Browser versions to 8.0.1 and keep in mind that installing third party extensions is potentially dangerous to Tor Browser's privacy guarantees and therefore strongly discouraged.
Tor Browser 8.0.1 is shipping the first stable Tor in the 0.3.4 series (0.3.4.8) which solves an annoying crash bug on older macOS systems (10.9.x).
Finally, we included a banner for signing up to Tor News which allows anyone to stay up-to-date about things going on in the Tor universe (which is, admittedly, sometimes hard to keep track of).
We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. While we fixed a number of them for the 8.0.1 release, there are still issues remaining. The most important ones are listed below:
- WebGL is broken right now.
- Accessibility support is broken on Windows. We are considering options to address this issue right now.
- Tor Browser 8 is not starting anymore on some older Ubuntu/Mint Linux systems. We still have issues to reproduce this bug but hope we can fix it in the next release.
- Tor Browser 8 is not starting anymore on CentOS 6. We have a fix in our upcoming 8.5a2 to give it a bit of testing. Users affected by this bug may resort to that alpha version for now. We plan to backport the patch in the next stable release.
- NoScript is not saving per-site permissions anymore. We have a potential patch for this bug in our 8.5a2 release as well and plan to backport it, too, in the next stable release in case no issues with it are found.
Note: The changelog file has an incorrect release date (September 24 instead of September 22).
The full changelog since Tor Browser 8.0 is:
- All platforms
- Update Tor to 0.3.4.8
- Update Torbutton to 2.0.7
- Bug 27097: Tor News signup banner
- Bug 27663: Add New Identity menuitem again
- Bug 26624: Only block OBJECT on highest slider level
- Bug 26555: Don't show IP address for meek or snowflake
- Bug 27478: Torbutton icons for dark theme
- Bug 27506+14520: Move status version to upper left corner for RTL locales
- Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
- Bug 27558: Update the link to "Your Guard note may not change" text
- Translations update
- Update Tor Launcher to 0.2.16.6
- Bug 27469: Adapt Moat URLs
- Translations update
- Update NoScript to 10.1.9.6
- Bug 27763: Restrict Torbutton signing exemption to mobile
- Bug 26146: Spoof HTTP User-Agent header for desktop platforms
- Bug 27543: QR code is broken on web.whatsapp.com
- Bug 27264: Bookmark items are not visible on the boomark toolbar
- Bug 27535: Enable TLS 1.3 draft version
- Backport of Mozilla bug 1490585, 1475775, and 1489744
- OS X
- Bug 27482: Fix crash during start-up on macOS 10.9.x systems
- Bug 26556: Fix broken Tor Browser icon path on Linux
Bug 26624: Only block OBJECT on highest slider level
WHY?! Where in the Design Guide do you state it should be blocked?