New Release: Tor Browser 8.5a4

Tor Browser 8.5a4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Highlights in Tor Browser 8.5a4 are a new Tor alpha version, 0.3.5.3-alpha, a fixed layout of our macOS installer window and Stylo (Mozilla's new CSS engine) being enabled on macOS after fixing a reproducibility issues. Please report any problems you find with those macOS related changes as we think about backporting them for the stable series.

Moreover, we backport a defense against protocol handler enumeration developed by Mozilla engineers and provide Tor Browser on all supported platforms in four additional locales: cs, el, hu, and ka.

Note: It turned out it was a bit premature to ship the new locales as we did not catch bugs in them last minute, so we don't make them available on our download page. Sorry for the inconvenience.

 

The full changelog since Tor Browser 8.5a3 is:

  • All Platforms
    • Update Firefox to 60.3.0esr
    • Update Tor to 0.3.5.3-alpha
    • Update Torbutton to 2.1.1
    • Update Tor Launcher to 0.2.17
    • Update HTTPS Everywhere to 2018.9.19
    • Update NoScript to 10.1.9.9
    • Bug 1623: Block protocol handler enumeration (backport of fix for #680300)
    • Bug 27905: Fix many occurrences of "Firefox" in about:preferences
    • Bug 28082: Add locales cs, el, hu, ka
  • Windows
    • Bug 21704: Abort install if CPU is missing SSE2 support
    • Bug 28002: Fix the precomplete file in the en-US installer
  • OS X
    • Bug 26263: App icon positioned incorrectly in macOS DMG installer window
    • Bug 26475: Fix Stylo related reproducibilitiy issue
  • Linux
    • Bug 26475: Fix Stylo related reproducibilitiy issue
    • Bug 28022: Use `/usr/bin/env bash` for bash invocation
  • Android
    • Backport of fixes for bug 1448014, 1458905, 1441345, and 1448305
  • Build System
    • All Platforms
      • Bug 27218: Generate multiple Tor Browser bundles in parallel
    • Windows
    • OS X
Anonymous

October 23, 2018

Permalink

00:48:25.836 this.browser is null 1 ext-tabs-base.js:298
get frameLoader chrome://extensions/content/ext-tabs-base.js:298:5
get frameLoader chrome://browser/content/ext-browser.js:605:5
get width chrome://browser/content/ext-browser.js:678:5
convert chrome://extensions/content/ext-tabs-base.js:579:7
get chrome://browser/content/ext-tabs.js:572:18
next self-hosted:1214:9
get self-hosted:977:17
call/result< resource://gre/modules/ExtensionParent.jsm:772:57
withPendingBrowser resource://gre/modules/ExtensionParent.jsm:427:26
next self-hosted:1214:9
call resource://gre/modules/ExtensionParent.jsm:771:20
next self-hosted:1214:9
torbutton_send_ctrl_cmd chrome://torbutton/content/torbutton.js:770:10
torbutton_do_new_identity chrome://torbutton/content/torbutton.js:1143:10
torbutton_new_identity chrome://torbutton/content/torbutton.js:867:9
oncommand chrome://browser/content/browser.xul:1:1

Well, requests for cached items should not hit the network. Thus, that might be a misleading log line in that the request is later on cancelled internally (i.e. the resource gets loaded from the cache but the request is not going out over the network).

13:56:09.572 TypeError: doc is null 1 ContextMenu.jsm:520:1

My TOR auto-updated. My Anti-virus red flagged PINGSENDER.EXE as malicious. Just letting you know.

Thanks for the free software GK. We appreciate your efforts too.

I'm not sure if this is the right place to ask, but is it safe to use a download manager together with TOR? Which one is recommended (IDM?)

just using tor to download tor. lol

it is NOT safe to use a download manager (plugin-addon) together with Tor.
none plugin-addon is recommended together with Tor.

Hello, I've said this on every update post since the 'Quantum' upgrade:
- Tor doesn't remember the size that it was left on before closing, so when it opens again it ends up being in a very specific and unique size for those of us that have tabs open.
- Tor is not allowing me to login to disqus, no matter what I add to the whitelist.
- Can you bring back the Sync function?

I've tried to fix those issues on Windows 7, Ubuntu 16.04, Ubuntu 18 and Windows Vista with no success.

What size is that for you? Can you check with some test on the internet? Regarding Disqus: yes, that's a known but someone needs to investigate: https://trac.torproject.org/projects/tor/ticket/27249 (please help if you can). Finally, Sync is just disabled via identity.fxaccounts.enabled set to false, I believe. Does flipping that pref help you?

(#2) Error Killing GPU process due to IPC reply timeout
(#3) Error Failed to connect GPU process
(#4) Error Receive IPC close with reason=AbnormalShutdown

Guys, Google Safe Browsing and Google itself should not be within a privacy software like Tor.

Please get rid of Google from future releases.

Thanks.

07:38:52.125 Can not decrement crashed tab count to below 0 ContentCrashHandlers.jsm:528
onAboutTabCrashedUnload resource:///modules/ContentCrashHandlers.jsm:528:7
receiveMessage resource:///modules/ContentCrashHandlers.jsm:188:9
receiveMessage self-hosted:977:17
callListeners resource://gre/modules/RemotePageManager.jsm:33:9
portMessageReceived resource://gre/modules/RemotePageManager.jsm:123:5
portMessageReceived self-hosted:977:17
callListeners resource://gre/modules/RemotePageManager.jsm:33:9
ChromeMessagePort.prototype.observe resource://gre/modules/RemotePageManager.jsm:361:3

Torbutton: Unexpected error on new identity: TypeError: m_tb_prefs is undefined

[10-27 00:09:27] Torbutton INFO: This is not a Tor Browser: TypeError: m_tb_prefs is undefined
TypeError: m_tb_prefs is undefined[Learn More] torbutton.js:237:7
torbutton_donation_banner_countdown chrome://torbutton/content/torbutton.js:237:7
torbutton_init chrome://torbutton/content/torbutton.js:354:5
if you copy TBB to a different folder on Windows :(

Just downloaded tor. then onion would not let me download the opposite way thought you had to download onion first, also i have ip vanish turned on does that help?

How about backporting all the devirtualization patches?
https://bugzilla.mozilla.org/show_bug.cgi?id=1332680

0:07:30.957 NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDOMWindowUtils.isParentWindowMainWidgetVisible] 1 nsPrompter.js:339

So what are you going to do with https://tls13.crypto.mozilla.org/ while mozilla doesn't care?

1

1-unable to request bridges within TOR get error 500
2-the webpage to request bridges is not functioning

One web browser test site says I'm, on Windows 7
https://html5test.com/
another says Linux
https://content-security-policy.com/browser-test/
Is that ok?

Here is one more web site https://browserleaks.com/ip

Passive, SYN Linux 2.2.x-3.x | Language: Unknown | Link: Ethernet or modem | MTU: 1500 | Distance: 5 Hops

User-Agent Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

I am using Ubuntu 18.04 for testing

I use separate TBB with disabled scripts (javascript.enabled=false). Is it safe to completely disable (or remove) NS plugin in this case? I want to do it because NS slows down my tor browser.

Why is that a MUSTHAVE?

"we are adding a notification to our Firefox Quantum browser that alerts desktop users when they visit a site that has had a recently reported data breach. We’re bringing this functionality to Firefox users in recognition of the growing interest in these types of privacy- and security-centric features."

2 months and Tor 8.0-8.5 wont start without displaying anything. The voluntarily turned on log shows:
"Error: the firefox package (version 60 or more) is not installed.
On CentOS/RHEL 6, Tor Browser requires the firefox package to be installed."
Always downgrading to v7 by overwriting directory contents, and that works.

Have you tried following the advice that the log shows you instead? Downgrading to Tor Browser 7 should be avoided as it contains a number of unpatched security bugs.

Since v8 i'm paralyzed by this on CentOS:
libgtk-3.so.0: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

No sudo.

That's on CentOS 6, right? You need to have installed the CentOS firefox package as well to make Tor Browser 8 work on this system.

NoScript is still not saving per site permissions. This is seriously annoying, preventing me from customizing which sites I trust or not, while turning script fully on by default, every time Tor Browser is restarted! As it's been several iterations now since this bug has been active, I'm going right back to an older version of Tor Browser until it's fixed.

You should give https://trac.torproject.org/projects/tor/ticket/27175 a closer read where this got fixed (you need to flip a preference to be able to save exceptions as having those exceptions is a serious fingerprinting risk).