New Release: Tor Browser 8.5a7

Tor Browser 8.5a7 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This new Tor Browser version ships the first alpha in Tor's 0.4.0 series, 0.4.0.1-alpha.

This release also features a lot of improvements regarding our branding. We ship our new Tor Browser logo for the first time in a release build on desktop platforms and are eager to learn about bugs and general feedback. Thanks to Antonela and Richard for working on this!

Due to a last-minute bug making our build non-reproducible, we had to revert the patch rebranding the Windows installer. We plan to have it fixed in the next alpha release.

Additionally, we fixed a number of crashes noticed in previous releases (WebGL crashed on some Windows machines, the print dialog on some Linux systems, and downloading files on some Android devices).

Note: Due to a bug in Tor 0.4.0.1-alpha, the Windows bundles on a new clean install will get stuck during the first start. Restarting the browser should solve the issue.

The full changelog since Tor Browser 8.5a6 is:

  • All Platforms
    • Update Firefox to 60.5.0esr
    • Update Torbutton to 2.1.4
      • Bug 25702: Update Tor Browser icon to follow design guidelines
      • Bug 21805: Add click-to-play button for WebGL
      • Bug 28836: Links on about:tor are not clickable
      • Bug 29035: Clean up our donation campaign and add newsletter sign-up link
      • Translations update
      • Code clean-up
    • Update HTTPS Everywhere to 2019.1.7
    • Update NoScript to 10.2.1
      • Bug 28873: Cascading of permissions is broken
      • Bug 28720: Some videos are blocked outright on higher security levels
    • Bug 29082: Backport patches for bug 1469916
    • Bug 28711: Backport patches for bug 1474659
    • Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
    • Bug 29028: Auto-decline most canvas warning prompts again
    • Bug 27597: Fix our debug builds
  • Windows
    • Update Tor to 0.4.0.1-alpha
    • Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
    • Bug 28111: Use Tor Browser icon in identity box
    • Bug 22654: Firefox icon is shown for Tor Browser on Windows 10 start menu
    • Bug 27503: Compile with accessibility support
    • Bug 28874: Bump mingw-w64 commit to fix WebGL crash
    • Bug 12885: Windows Jump Lists fail for Tor Browser
    • Bug 28618: Set MOZILLA_OFFICIAL for Windows build
  • OS X
    • Update Tor to 0.4.0.1-alpha
    • Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
    • Bug 28111: Use Tor Browser icon in identity box
  • Linux
    • Update Tor to 0.4.0.1-alpha
    • Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
    • Bug 28111: Use Tor Browser icon in identity box
    • Bug 27531: Fix crashing print dialog
  • Android
    • Bug 28705: Fix download crash on newer Android devices
    • Bug 28814: Backport 1480079 to allow installing downloaded apps
  • Build System
    • All Platforms
      • Bug 29158: Install updated apt packages (CVE-2019-3462)
      • Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
    • Windows
    • Linux
    • Android
      • Bug 28752: Don't download tor-android-binary resources during build
Anonymous

January 31, 2019

15:29:19.237 TypeError: hostName is null 1 security.js:55:9
_getSecurityInfo chrome://browser/content/pageinfo/security.js:55:9
securityOnLoad chrome://browser/content/pageinfo/security.js:179:14
onmessage chrome://browser/content/pageinfo/pageInfo.js:372:5

Anonymous

January 31, 2019

Reloading https://hg.mozilla.org/releases/mozilla-esr60/rev/fe547fe73bba
[01-31 15:55:12] Torbutton INFO: tor SOCKS: https://hg.mozilla.org/static/3b362b7a9144/style-gitweb.css via mozilla.org:d0148e6f3897997e603b597862d8ec9a
[01-31 15:55:12] Torbutton INFO: tor SOCKS: https://hg.mozilla.org/static/3b362b7a9144/mercurial.js via mozilla.org:d0148e6f3897997e603b597862d8ec9a
[01-31 15:55:12] Torbutton INFO: tor catchall circuit has been dirty for over 10 minutes. Rotating.
[01-31 15:55:12] Torbutton INFO: New domain isolation for --unknown--: 0740d7fdd958dd54f49a14cf90c77785
[01-31 15:55:12] Torbutton INFO: tor SOCKS: https://hg.mozilla.org/static/3b362b7a9144/mercurial.js via --unknown--:0740d7fdd958dd54f49a14cf90c77785
[01-31 15:55:12] Torbutton INFO: tor SOCKS: https://hg.mozilla.org/static/3b362b7a9144/moz-logo-bw-rgb.svg via mozilla.org:d0148e6f3897997e603b597862d8ec9a
[01-31 15:55:12] Torbutton INFO: tor SOCKS: https://hg.mozilla.org/static/3b362b7a9144/hgicon.png via mozilla.org:d0148e6f3897997e603b597862d8ec9a
So, what's wrong with that cached js? Other cached items work properly. No OA saved for cached js?

Because the log indicates that the js file is requested once over the mozilla circuit and once over the catch-all circuit. Thus, if you only see indeed one request it seems to me this is actually the same bug.
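
The check described in the reply above (the same resource requested once under the site's isolation domain and once under the catch-all) can be run over a saved Torbutton log. This is an added example, not part of the original thread or Torbutton's code; the line format is assumed from the log quoted above, and the sample log, `example.org` URLs and isolation keys are constructed.

```python
import re
from collections import defaultdict

# Format assumed from the Torbutton INFO lines quoted in the comment above:
# "[MM-DD HH:MM:SS] Torbutton INFO: tor SOCKS: <url> via <domain>:<key>"
SOCKS_RE = re.compile(
    r"\[\d\d-\d\d \d\d:\d\d:\d\d\] Torbutton INFO: tor SOCKS: "
    r"(?P<url>\S+) via\s+(?P<domain>[^\s:\[]+):(?P<key>[0-9a-f]+)"
)

# Constructed sample: entries wrapped after "via" and two entries fused
# onto one line, as can happen when a log is pasted into a comment.
SAMPLE_LOG = """\
[01-31 15:55:12] Torbutton INFO: tor SOCKS: https://example.org/static/app.js via
example.org:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[01-31 15:55:12] Torbutton INFO: New domain isolation for --unknown--: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
[01-31 15:55:12] Torbutton INFO: tor SOCKS: https://example.org/static/app.js via
--unknown--:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb[01-31 15:55:12] Torbutton INFO: tor SOCKS: https://example.org/static/logo.svg via
example.org:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""


def split_isolation(log_text):
    """Return {url: sorted isolation domains} for every URL that was sent
    through SOCKS under more than one isolation domain."""
    seen = defaultdict(set)
    # Scanning the whole text (not line by line) tolerates wrapped and
    # fused entries.
    for m in SOCKS_RE.finditer(log_text):
        seen[m["url"]].add(m["domain"])
    return {url: sorted(doms) for url, doms in seen.items() if len(doms) > 1}


if __name__ == "__main__":
    for url, domains in split_isolation(SAMPLE_LOG).items():
        print(f"{url} requested under: {', '.join(domains)}")
```
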

> Bug 26148: Update binutils to 2.31.1
What is the reason to bump binutils now? I couldn't find any.

Bug 28618 is one. Another one is that it greatly simplifies our patch handling for it as some patches were upstreamed meanwhile. A third reason is that it was way behind the current stable release.

Unbelievable, the number of people that complain "opengl don't work" "pdf is broken"... If you want all those features, just use Google Chrome, idiots!

Thanks TB team for your work, just finished emerging it

Would really like to see uMatrix replace NoScript. Smart HTTPS replace HTTPS Everywhere. A decent cookie manager. No big deal since we can reconfigure extensions ourselves.

Also, detailed about:config modifications should be part of an html-based page (part of the install). This way we can see the modifications. Included are recommended modifications that haven't been made for reasons of stability. Things like telemetry, clipboard, Service Workers, Push Notifications, Studies, Pocket, etc... Even Wifi Location Tracking (Google APIs) can all be added to your about:config changes/recommendations.

https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/… is a good starting point to collect that info and should cover the majority of pref changes. But, yes, having one place handy where one can see those (and others) would be neat. Please help!

I'm using Orbot to control other apps that use Tor. The new Tor Browser for Android breaks it. What is the solution?

How does Tor Browser for Android break your Orbot you use to control other apps with? What is happening? (Depending on that I might be able to come up with a solution. :) )

Tor Browser does not start because it has its own Orbot, I assume. So now there are 2 Orbots on the same device and this is why I think Tor Browser stops working.

To reproduce, install Orbot first (latest version), then Tor Browser, then try to start Tor Browser; it will not work.

As I mentioned in the first comment, I need the separate Orbot to use VPN mode for other apps.

What to do now?

What happens if you try to start Tor Browser? What happens if you disable VPN mode in Orbot? Does Tor Browser then work for you?

Tor NOTICE: No circuits are opened. Relaxed timeout for circuit 118 (a Measuring circuit timeout 3-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway.

Tor NOTICE: Our directory information is no longer up-to-date enough to build circuits: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 6563/6619).
Tor NOTICE: I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 6563/6619).

For many days now I cannot update my Tor install in Ubuntu Trusty i386. I also had to remove the source from the list because of update errors. I followed the instructions on the Tor site. Is there a problem with the Ubuntu 14.04.5 i386 repository/PPA?

Is that a Tor Browser question? I think you are referring to Tor? We stopped providing .deb files for Trusty IIRC as it is soon an unsupported Ubuntu and there were errors during test runs I think.

Is Tor Android as safe as the PC?

And about the Android update, it cannot download images yet and the VPN is not activated.

Which Tor Browser version are you on and what Android version? We had issues with downloading things on Android 7+ phones (the browser would crash), but that should be fixed now in 8.5a7. Do you have an example image/website where a download is not working for you?

Yes, we don't support VPN mode with Tor Browser, this is expected.

Whether the browser for Android is as safe as the one for the PC is hard to tell. We hope so but security among desktop platforms is even varying, so it is hard to compare. At any rate, if you need to have Tor Browser on your Android device Tor Browser as we have it right now should be your first choice.

About the images, this photo of Twitter is not downloaded and in general from anywhere.
https://pbs.twimg.com/media/DyvmxooWsAItw0N.jpg

What happens in this case for you?

If you rename the browser folder, you'll get a broken browser with
Could not read chrome manifest 'jar:file:///%CHANGED_PATH%/Browser/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi!/chrome.manifest'.
Could not read chrome manifest 'jar:file:///%CHANGED_PATH%/Browser/TorBrowser/Data/Browser/profile.default/extensions/torbutton@torproject.org.xpi!/chrome.manifest'.
Could not read chrome manifest 'jar:file:///%CHANGED_PATH%/Browser/browser/extensions/%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D.xpi!/chrome.manifest'.

But this one is on Windows.

I updated the ticket description and added a note, thanks!

I love it. Great Work and Great Service..

Yup. I already notified the HTTPS-Everywhere folks last week. I hope this will be resolved soon.

Maybe startpage can be added as well as another search engine?

Improve security even more! Cheers!