New Release: Tor Browser 8.5a3

Tor Browser 8.5a3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. We picked up the necessary patches, but because we needed to start building before Mozilla was ready with a first candidate build, we did not bump the Firefox version to 60.2.2esr. Thus, users are fine with Tor Browser 8.5a3 even though the Firefox version is 60.2.1esr.

Furthermore, this release fixes Windows startup crashes and makes Tor Browser more compatible with the new macOS 10.14.

Known Issues

We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. The most important current issues are:

The full changelog since Tor Browser 8.5a2 is:

  • All platforms
    • Update Firefox to 60.2.1esr
    • Backport fix for Mozilla bug 1493900 and 1493903
  • Windows
    • Bug 27865: Tor Browser 8.5a2 is crashing on Windows
  • OS X
    • Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility

October 05, 2018


On the subject of accessibility, the Tor button is black even in high contrast mode, and is thus not visible in high contrast black.


October 05, 2018


Please disregard my last message, the Tor button was black on 8.5a1 but once my browser updated to 8.5a3 it became visible on the toolbar.


October 05, 2018


Sometimes it happens to me too, but it seems to be a problem with DuckDuckGo, rather than Tor Browser.

Why don't we see a great increase of traffic in after enabling CF's alt-svc .onion redirection?

I have the problem (Windows 10) that I am not able to save any downloads on a network share (SMB); it simply doesn't work. Also, the default download location can't be set to a network share. Thanks for any hint!

We guess we disabled that with network.file.disable_unc_paths set to true because of possible proxy bypasses. See:….

Why is libwinpthread-1.dll still loaded after ?

So, you needed it for Firefox, but added for every executable?


I started to use tor 8.0.2, and when it starts, my antivirus detected a threat, I do not know what it was, but I'll wait a while, see what people talk about

For dev interest, seeing this attack with 8.0.2 or 8.5a3:

- Security slider safest position.
- Do normal browsing (no JS).
- Adversary performs attack where JS is suddenly enabled (no change in website required). S symbol becomes open in front of your eyes.
- Have to destroy the VM (Disposable) immediately to limit risk of infection

Obviously there is some gaping hole weakness in NoScript and how it intersects with Tor Browser. Might wanna look into that...

Do you have steps to reproduce that?

Nothing special.

- Fresh Qubes-Whonix DisposableVM
- Browse.

Saw this attack on this website, Whonix v3 onion and Github. Usually appeared within 1-2 minutes of new browser session after previous DispVM destroyed. Appears to have eased, but I wonder whether they can target users of particular destination websites, or whether I'm just on their pet list (probably the latter)

Guys, please stop putting Google within TOR. Google Safe Browsing for Firefox is still within the package and logs users' IPs!

Second, this TOR version is too slow and using too much RAM!

The Home Website to check the server TOR IP is gone, why?

And NOSCRIPT still marks Google as a trusted website. How do we get rid of Google?

How about adding WebP format support?

What do you mean?

It seems they meant Tor Browser will get that once it is in the next Firefox ESR release.

Strange, I have a lock on my Applications folder in Mojave and it doesn't allow me to drag/drop the Tor packet.

Also note: any time Tor updates I typically lose functionality and have to tinker to get it back up.

Which functionality are you losing? Does Mojave prevent you from installing a clean, new Tor Browser?

Sorry, you have been blocked
You are unable to access


“[CloudFlare doesn’t] appear open to working together in open dialog, they actively make it nearly impossible to browse to certain websites, they collude with larger surveillance companies (like Google), their CAPTCHAs are awful, they block members of our community on social media rather than engaging with them and frankly, they run untrusted code in millions of browsers on the web for questionable security gains.”

hey im trying to get into the forums like the card cracking and nothing will come up it will eventually send me to a page saying the host is taking too long and to retry am i doing something wrong?

Hey! Why the fuck `firefox-esr60 --- wontfix`?

Haha! Stupid tor! It gave me a shitty guard, so I changed it to obfs4 in TL. But that one wasn't good, so I changed back to normal guard and also checked firewall policy to 80, 443. AND:

Tor WARN: Failed to find node for hop #1 of our path. Discarding this circuit.
Tor WARN: Could not choose valid address for abunyasha

is spamming Browser Console until I uncheck firewall policy! Shit!

How to configure Tor for total anonymity? Please be direct and simple, I don't speak English very well. I don't know how to configure this new Tor; the only thing that I do is put the security bar on safest, and I don't know if it's enough.

There is nothing "total" in our world, but it is much more secure to download and use Tails or Whonix.

This web site works well with old versions of TBB, and with 8.0, but with 8.5a3 and with 8.0.2 it is broken. Namely, after CloudFlare CAPTCHA is passed, JS is not loaded at the page at all. With NS disabled it doesn't work also. I think something is broken after transition from 8.0.1 to 8.0.2. Could you find the problem?

I suspect this is due to the weird Cloudflare setup they have. Does the cat appear if you click on the chat button? (after solving yet another CAPTCHA)

Cat? Not. :) Chat - Yes. Indeed, sometimes CAPTCHA is asked 2nd time just before entering the chat, but this is not the problem. In 8.0.2 I always get the page, where no button is clickable. You can open this site with old TBB version and see the difference. It is just Russian analogue of (chat with randomly selected person, where age and gender can be chosen).

WFM on Windows, 8.0.2

It still does not work for me (Linux, 64).

I see they fixed their website today. Now it is working also for me (on Linux). Thanks to all for replies! Problem is solved.

Actually, it is not solved, most of the time it doesn't work. Now it often doesn't work even with older TBB.

However, it works fine with modern TBB if tor's traffic also passes extra (non-tor) proxy. So, Georg was right that it is not an issue of tor browser. Admins (or Google's CAPTCHA?) simply block some JS scripts based on IP address.

What's the status of encrypted SNI support that Cloudflare announced for TLS 1.3?