New Release: Tor Browser 8.0.1

Tor Browser 8.0.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Note that we just picked up the necessary patches this time but did not bump the Firefox version to 60.2.1esr as we needed to start building before Mozilla was ready. Thus, users are fine with Tor Browser 8.0.1 even if the Firefox version says 60.2.0esr.

Moreover, Alex Catarineu from Cliqz found a mistake we made that would make it possible to trick a user into installing an unsigned Torbutton extension. Thus, all users are encouraged to update older Tor Browser versions to 8.0.1 and keep in mind that installing third party extensions is potentially dangerous to Tor Browser's privacy guarantees and therefore strongly discouraged.

Tor Browser 8.0.1 is shipping the first stable Tor in the 0.3.4 series ( which solves an annoying crash bug on older macOS systems (10.9.x).

We found a better solution to our User Agent treatment: on desktop platforms Tor Browser will send a Windows User Agent at the network level now while still allowing to query the unspoofed User Agent with JavaScript. This takes concerns about any server passively logging the User Agent into account while still avoiding broken websites as good as we can. Thanks to everyone who helped with this issue.

Finally, we included a banner for signing up to Tor News which allows anyone to stay up-to-date about things going on in the Tor universe (which is, admittedly, sometimes hard to keep track of).

Known Issues

We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. While we fixed a number of them for the 8.0.1 release, there are still issues remaining. The most important ones are listed below:

  • WebGL is broken right now.
  • Accessibility support is broken on Windows. We are considering options to address this issue right now.
  • Tor Browser 8 is not starting anymore on some older Ubuntu/Mint Linux systems. We still have issues to reproduce this bug but hope we can fix it in the next release.
  • Tor Browser 8 is not starting anymore on CentOS 6. We have a fix in our upcoming 8.5a2 to give it a bit of testing. Users affected by this bug may resort to that alpha version for now. We plan to backport the patch in the next stable release.
  • NoScript is not saving per-site permissions anymore. We have a potential patch for this bug in our 8.5a2 release as well and plan to backport it, too, in the next stable release in case no issues with it are found.

Note: The changelog file has an incorrect release date (September 24 instead of September 22).

The full changelog since Tor Browser 8.0 is:

  • All platforms
    • Update Tor to
    • Update Torbutton to 2.0.7
      • Bug 27097: Tor News signup banner
      • Bug 27663: Add New Identity menuitem again
      • Bug 26624: Only block OBJECT on highest slider level
      • Bug 26555: Don't show IP address for meek or snowflake
      • Bug 27478: Torbutton icons for dark theme
      • Bug 27506+14520: Move status version to upper left corner for RTL locales
      • Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
      • Bug 27558: Update the link to "Your Guard note may not change" text
      • Translations update
    • Update Tor Launcher to
      • Bug 27469: Adapt Moat URLs
      • Translations update
      • Clean-up
    • Update NoScript to
    • Bug 27763: Restrict Torbutton signing exemption to mobile
    • Bug 26146: Spoof HTTP User-Agent header for desktop platforms
    • Bug 27543: QR code is broken on
    • Bug 27264: Bookmark items are not visible on the boomark toolbar
    • Bug 27535: Enable TLS 1.3 draft version
    • Backport of Mozilla bug 1490585, 1475775, and 1489744
  • OS X
    • Bug 27482: Fix crash during start-up on macOS 10.9.x systems
  • Linux
    • Bug 26556: Fix broken Tor Browser icon path on Linux

September 25, 2018


If Cloudflare blocks TOR traffic based on user agent string, then how LONG does it take for them to update their servers when a new TOR version is released?


September 26, 2018


Having a problem with the auto-update feature. Torbutton continues telling me a TB update is available, even though I've "updated" it to 8.0.1 several times now. It restarts and says "Tor browser is checking addon compatibility and will start in a moment," and then starts but the About page still says Tor Browser 8.0. I imagine a fresh install will fix it, but I just wondered if anyone else was having this problem. Qubes 3.2 with Whonix, vanilla updater.

Hm. You mean the text in the browser itself stays on english if you click on browser menus? Do you have a screenshot which could help understanding your issue? If you go on the about:addons page do you see a language pack section on the left? If so, what does it show if you click on it?


September 26, 2018


I visited and found that torbrowser 8.0.1 leaked my operate system. Usually the headers of browser should be same as the javascript, as bellow shows.

Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

But torbrowser 8.0.1 gets this result.

Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

Fix some sites for macOS users by showing real OS and compromising privacy of GNU/Linux users, but don't care about breaking cloudflared websites. Genius! Maybe this is some kind of warrant canary?

No, it's a joint effort of Mozilla's & Tor's developers :(

Is there any thought to replacing the Firefox icons that appear when you pin Tor to the Start Menu in Windows 10? The icons are in the VisualElements folder.

04:50:49.748 TypeError: content.document.body is null 1 aboutTor-content.js:76:34

Tor crashes every now and then at startup.
Using Windows 10 home edition.

9/28/18, 06:35:57.877 [NOTICE] Bootstrapped 90%: Establishing a Tor circuit
9/28/18, 06:35:58.175 [NOTICE] Tor has successfully opened a circuit. Looks like client functionality is working.
9/28/18, 06:35:58.175 [NOTICE] Bootstrapped 100%: Done
9/28/18, 06:36:02.968 [NOTICE] New control connection opened from
9/28/18, 06:36:02.968 [NOTICE] New control connection opened from

That log looks good. What happens if Tor Browser is crashing? Do you get an error message?

why is it that i have to solve a captcha everytime i go to a cloudflare protected website?
it didn't happened on the previous version.

Please fix cloudflare alt-svc to transparent onions no longer working between this and 8.0 i get much many more captcha now

Thank you for the Tor project. I've had major cloudflare issues though since updating to 8.0.1 on windows 7 professional 64 bit. In the two years I've used Tor browser I've only ever rarely encountered captchas, but since the update I'm consistently getting them, multiple times per page load attempt. I can eventually get rid of them by establishing a new tor circuit for the site, but I'm often needing to do this up to 20 times in a row to load a page.
I tried deleting and reinstalling with no relief, and I was reluctant to update to 8.5 as I can't see cloudflare mentioned as an issue. I've since rolled back to the previous version (7.5 something) and the problem has gone away.

Tor Browser 8.0.1 with NoScript Version don't view

I just tested with a clean new Tor Browser 8.0.1 on a Linux machine and I don't have this issue. Do you have steps to reproduce your problem? Which operating system are you using?

Tor Browser 8.0.1 on a Windows, noscript - default. VK redirect to badbrawser

On Tor Brawser 7 this issue cure:
NoScript Options > Advanced > Untrusted
Forbid META redirections inside elements

Hey, why cloudflare is FULLBREAKING netbrowsing with TBB again, again and again?

After send message to this blog, page go to infinity loop.
Tor on a Windows. scripts blocked.

8.0.1 unusable. pages stop loading after 30 seconds of use. must go back to 7.x to browse the internet.

Pictures on some sites are loaded from different domain (pic server, for optimization), but cloudflare blocks them with shitty captcha which can't be shown instead of a picture!
Please, help!

CloudFlare accsess error to
Unknoun error:

Security level safest, Tor browser 801, script block

Endless Captcha loops since the last major update to Tor Browser on almost all https web addresses ?

Never have I seen such a decline in functionality of Tor Browser before & I cannot understand why this wasn't firstly, extensively tested & secondly once discovered, subsequently held back for further code tweaking!? I've never had an issue with Captcha loops before as an experienced user & I do mean from the very beginning... ?

Fucking captcha is broken on 'Safer' level!!!

who do you see the circuit in TOR VERSION 8.0.1 - CAN NOT FIND IT ANYWHERE.. PLEASE HELP??

Left click on the round ( i ) (info button) at the far left of the address bar, I just found this out myself.

also stuck on 7.5.6 - seems last usable ver

While using obfs3 IP the captcha kept repeating. I tried a new circuit but it kept getting obfs3 IP the captcha appears to be the older one where you select an item with a check mark then copy and paste the correct results.

And how to watch it on 'Safer'?

Works for me if I click on the small NoScript block in the lower left corner to enable media. I agree, it would be better if one just needed to click on the "main" part of the video. Not sure why that is not working.

And where is the sound?

Great to see the "Tor Enabled" onion button is back again for "New Identity" but I can't see what country it is and I can't change identity for 1 specific window. There is only this "New identity" option wich will close and change ALL the windows.

I'm on Linux/Ubuntu 18.04.1 LTS

Thank's in advance!

"connection not secure" When I go to the tor circuit I notice a message stating connection not secure when I attempted to go to the site "" the site is valid and the circuit is Bridge obfs3, swedan, czeck republic

Should I report errors such as the above?

When starting Tor 8.0.1 on Windows 7 Ultimate I get the normal firewall alerts, but before I can tick yes to the one below:

Path:\Tor 8.0.1\Tor Browser\Browser\firefox.exe
An attempt to create a process has been detected.
Command line: Path:\Tor 8.0.1\Tor Browser\Browser\firefox.exe

a Windows popup box says:

[Window Title]
Path:\Tor 8.0.1\Tor Browser\Browser\TorBrowser\Tor\tor.exe

Windows cannot access the specified device, path, or file. You may not have the appropriate
permissions to access the item.


Then after allowing the firewall alert it says ''Tor failed to start''.
The ''OK'' button is very opaque, the ''OK'' can barely be read, the surround box is light blue.

After clicking on ''OK'' I get ''Tor unexpectedly exited. This may be due to a bug'' etc.

I click on restart Tor, 3 firewall alerts later it says starting, waited 5 minutes nothing.

Try again, hover mouse over Cancel and it turns the box very opaque, a white ''Cancel'' with a very light blue background.

Next attempt.. Loading network status, but the green progress bar doesn't move past the message, so cancel, quit.

Try again, Loading network status doesn't even appear, green bar doesn't show up, so quit.

So far I've only managed to get Tor 8.0.1 to work twice, once on the 1st attempt (after the Windows error popup box appeared though and after clicking on restart) and this time after about 6 or 7 attempts

The firewall log shows no blocks, maybe Tor just times out before I can click on yes to the firewall alert? I don't know.

*The other thing is where the heck is ABE in the new NoScript? as I can't find it anywhere.

new to this

Some Cloudflare sites even after getting the google captcha correct it just reloads the page instead of forwarding you to the website

Something I never noticed before but after clicking on enter on a website it auto maximized/full screened the page, then I get the warning about not doing that! lol.
Any way to stop them from doing that?.

It depends on what is actually happening. Does the website just resize the window to maximize it or does it put it into fullscreen mode? Two tickets (with further references) that deal with aspects of this problem are:

I can't recall now, but thanks for the links, you are obviously looking in to it.

I read this ticket:

and one user said HTML5 fullscreen API makes TB fingerprintable, disable it!

one suggestion is to set dom.disable_window_move_resize = true
via about:config

Is it ok to do this? or is that bug already fixed so not necessary?.