New Release: Tor Browser 8.0.8

Tor Browser 8.0.8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

The main change in this new release is the update of Firefox to 60.6.1esr, fixing bugs found during the Pwn2Own contest.

The full changelog since Tor Browser 8.0.7 is:

  • All platforms
    • Update Firefox to 60.6.1esr
    • Update NoScript to 10.2.4
      • Bug 29733: Work around Mozilla's bug 1532530

March 25, 2019


2 fixes requested please

First, it always takes several tries to drag the HTTPS-Everywhere icon to the top bar (near noscript). It's so annoying, please fix it.

Second, has the user agent spoofing been fixed in Linux yet?

I am not sure I understand your first problem, the icon should either show up automatically after the second start of a fresh Tor Browser or you should just need to drag it to the toolbar with the usual toolbar customization flow. What's the issue with dragging that icon? And does that happen in a Firefox 60 ESR as well (if you installed HTTPS-Everywhere there?).

Re your second question: I guess you mean That's still open.


March 25, 2019


I have fire 66 using Tor browser as a proxy. I have Firefox manual proxy configuration to using port 9150.
while using firefox with youtube (not logged in) what will happen is after a period of time the video will stop and I get a message such as this "An error occurred. please try again later. (playback ID:kVBiM8y1yJcS-duF" but if I go to "recent histroy.." and only "clear logins" it recovers.

This only occurred recently with Youtube within a month.

Obligatory warnings:
"In past times, a user would simply change the internal settings of a particular piece of software to "torify" it, like Mozilla Firefox - eventually as the dangers became more clear, the Tor Browser was created."

"The modified copy of Firefox [in the Tor Browser Bundle] aims to resolve the privacy and security issues in mainline version."…

"Almost any other web browser configuration is likely to be unsafe to use with Tor."

"In short, using any browser besides Tor Browser with Tor is a really bad idea."

About your issue, I see errors in Tor Browser like the ones you describe if I leave a YouTube tab open for a long time and then try to play the video. It could be related to Tor changing idle circuits about every 10 minutes and YouTube buffering pieces of the video based on your unique session on the website. When idle circuits change, it could be that YouTube loses track of your session. When the error happens, I note my position in the video and simply refresh the page to get it playing again. That problem has been going on for years. I don't have a "clear logins" because I don't log in to YouTube.

The "clear logins" is from Firefox not youtube.

youtube continues to play even after a circuit change. It happens about 4 to 5 times in a day of continous play and I do not log into youtube.

Library --> History --> Clear Recent History is not clickable in Tor Browser Bundle because the History preferences are set to always start in Private Browsing mode. Deviating from that setting would be considered an advanced customization -- and risky -- in TBB, but the default preferences are set differently in Firefox, so that function is outside the scope of support for TBB.

Your error is seen in all major browsers, not only in Tor Browser. If you had searched the web for the error message in quotation marks, you would find websites reporting it in Firefox, Chrome, Opera, Edge, etc. My guess is that "clear logins" in Firefox deletes login cookies and/or the SSL session. Some websites report the error may instead be caused by the DNS cache or browser addons. Some answers echo the other reply to refresh the page. Moreover, I can't find the exact feature "clear logins", but I did find "Active logins" under "Clear Recent History".

If you configured Firefox to proxy over tor because you have an old OS that Tor Browser no longer supports, then please learn to write a Live USB or a Live DVD with a recent Linux distribution chosen from Live USB's boot a desktop environment in RAM and won't write or install themselves to your hard drives unless you say so. Tor Project recommends Tails.

Color Depth, System Fonts and Platform are shown, clicking "Show full results for fingerprinting".
Also, Color depth and Pixel depth of Screen information and Platform of System information are leaked under safe and safer at IP/DNS Detect.
Mac and Linux are used in the tests.

It seems Tor Browser sometimes forcibly accesses discrete GPU in a site, like as Fire Fox. Tor Browser and Fire Fox temporally make OSs hang up at this time. This doesn't happen in other browses. I can't find causes for this.

more useful would be how "unique" (common or uncommon) a Panopticlick visitor is among all visitors with the same user-agent.
or how "unique" among all Panopticlick visitors using the newest version at the time of their visit, such as IE8 in 2009.

But OS info is leaked.
Getting worse.
The results of tests in some sites
Tor Browser 756
User Agent 7.36 164.27 Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Platform 1.29 2.45 Win32

Tor Browser 808
User Agent 3.57 11.86 Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
Platform 3.07 8.4 MacIntel
Tor Browser 756
System information
(your browser, your language, your operating system, etc)
Platform: Win32

Tor Browser 808
System information
(your browser, your language, your operating system, etc)
Platform: MacIntel
Tor Browser 756
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

Tor Browser 808
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0
Tor Browser 756
Operating System: We have detected multiple OS:
Windows (Javascript, User Agent, JS UA, )
Linux (Fingerprint, )
If different OS detection methods deliver different results you may be a bot, or a human using a proxy or a virtual machine.

Tor Browser 808
Operating System: We have detected multiple OS:
Mac OS X (Javascript, )
Windows (User Agent, )
Macintosh (JS UA, )
Linux (Fingerprint, )
If different OS detection methods deliver different results you may be a bot, or a human using a proxy or a virtual machine.
Tor Browser 756
userAgent Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
appVersion 5.0 (Windows)
platform Win32
oscpu Windows NT 6.1

Tor Browser 808
userAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0
appVersion 5.0 (Macintosh)
platform MacIntel
oscpu Intel Mac OS X 10.13

About GPU
The same as ticket 29807?/
Maybe, What you should know when supporting Multiple GPUs and Allowing OpenGL applications to utilize the integrated GPU are hints.

Additional test
Use add-on User-Agent Switcher by Alexander Schlarb
This is because general.useragent.override is deleted in about:cconfig of Tor Browser 808
OS leak can be avoided.
Operating System: We have detected multiple OS:
Windows (Javascript, User Agent, JS UA, )
Linux (Fingerprint, )
If different OS detection methods deliver different results you may be a bot, or a human using a proxy or a virtual machin

I think this loses our anonymities and is critial, due to distinguishing from others users using platforms.
panopticlick is referred to as a test site
in Frequently asked questions 5.5 How to analyse the results of online anonymity tests? in Tails.

layers.amd-switchable-gfx.enabled is true in about:config. It means Tor Browser permits accesses to Hard-Ware. I know Tor Project don't recommend the usage of Hard-Ware.

true remains in some of of about:config.


March 26, 2019


I'm using Tor-Browser-808 with; 'Security Settings' -> 'Security Level' -> 'Safest'

Given I have contemplated the compromise between; Anonymity vs Security vs Speed

I wanted a safer option for http & https sites,

I wanted to include DNS hosts filtering for bad-actor sites.

As Tails includes 'uBlock Origin'

Features and included software -

Included software - uBlock Origin by Raymond Hill


I have installed 'uBlock Origin' with 'Auto-update filter lists' un-Ticked

( I update at least once per week )

In about:addons -> 'uBlock Origin Preferences' -> 'Filter lists' -> 'Custom'

I added;…

This gives me HOSTS Filtering,

and brings up the ' uBlock Origin has prevented the following page from loading '

page, and gives me the option to allow-access, temporarily-allow or deny-access

I sure others are using 'uBlock Origin' , how badly does using it break my Anonymity ?

When you install add-ons or make certain modifications, they change your browser's fingerprint away from default TBB users and make you appear more unique. Scroll up to see a comment thread about panopticlick. I don't know how badly. I make a New Identity and change the security slider instead.


March 27, 2019


TBB 8.0.8 seems to be working for me on Debian stable but the Tor network seems to be unusually slow.

I use the onion mirrors to update my Debian system and this has been almost unusable today (March 27, 2019).

I am worried about Article 13 but hope there is no connection because legal problems might be much harder to fix than a technical issue.

Just wanted to make sure Tor Project and Debian Project keep trying to keep that invaluable service running!


March 28, 2019


Subject #29032 new defect Tor Browser 8.0.4 stops working correctly in Virtualbox on Windows

After i tried 8.0.4 in Virtualbox i found this error.

There is a bug ticket for that

I looked into it some more. And i found this.

I have tracked the problem down to a single file.

I installed 8.0.3 and then 8.0.8. Then i copied over every file from 8.0.8 to 8.0.3 except for this file.

There must have been changes to it from 8.0.3 to 8.0.4.
The problem persists since 8.0.4 up to 8.0.8.

Just for fun I tried Help,About Torbrowser,Check for Updates, then it says there are no updates availlable. Update over the Tor Browser Extension delivers the same result.
The only file unchanged from 8.0.3 is \Browser\browser\omni.ja
Only this file seems to need a fix.

Under About, Firefox version is still 60.3.0esr and Torbrowser 8.0.3. The Updater believes version numbers to be the current ones from 8.0.8. So it sees no need for an update.

Other than that everything seems to work.

What i don't know is if this method will produce additional bugs or not. This is not completely 8.0.8 so it could make this browser more recognizable than standard 8.0.8. Or it doesn't.

I renamed the files and added the version.

binary file compare with FC.EXE
FC.EXE says FC: 803_omni.ja is longer than 808_OMNI.JA

Which could mean Firefox needs things in Virtualbox that are present in 803_omni.ja but not in 808_omni.ja

803_omni.ja works and 808_omni.ja doesn't.

omni.ja looks like a compiled file, different compiler versions, settings or codelines.

There are two such files in Torbrowser
\Browser\browser\omni.ja 11MB
\browser\omni.ja 5MB

The file is \Browser\browser\omni.ja 11MB.
It does the text display.

The other one is fine.

Thanks for narrowing this further down. I try to help you finding the culprit this week (I wanted to do so at some point during the last 2 weeks already but I am swamped with other more high-prio work). Meanwhile if you want to go further down the rabbit hole: omni.ja files are regular .zip files. Thus, you could extract both the working one and the non-working one and do a file comparison figuring out which file change caused the problem. We probably can easily map that to the actual code commit causing your bug.

Thanks for telling me these files are zip archives. Didn't know that.

803_omni.ja has 2679 files in it.
808_omni.ja has 2678 files in it.

2524 files

2523 files

20 files

19 files

This file isn't present in 808.

A google-2018.xml file would not possibly be read every time a page is rendered, would it?

Possible errors in JavaScript files would be more plausible.

1318 .js in 803 and 808 each.

22.209.009 Bytes .js in 803_omni.ja
22.209.728 Bytes .js in 808_omni.ja

124 .jsm in 803 and 808 each.

2.366.279 Bytes .jsm in 803_omni.ja
2.374.036 Bytes .jsm in 808_omni.ja

803_omni.ja\components\EnterprisePolicies.js 14kB
808_omni.ja\components\EnterprisePolicies.js 15kB
803_omni.ja\defaults\preferences\firefox.js 81kB
808_omni.ja\defaults\preferences\firefox.js 80kB
803_omni.ja\modules\policies\Policies.jsm 32kB
808_omni.ja\modules\policies\Policies.jsm 37kB
803_omni.ja\modules\policies\PoliciesValidator.jsm 5kB
808_omni.ja\modules\policies\PoliciesValidator.jsm 6kB

PAGE 1v3
Here are the things i tried.
By preferences you mean those reachable over the gui, correct? Is it possible there are different sets of preferences, those visible in the gui and another set that isn't? With previous tests i tried to figure out where looking is worthwhile. So i found firefox.js. What i don't know is how this file really works. Searching for 'Geolocation' in the Options has turned up nothing. But it is in firefox.js. I haven't found the setting yet. But Hopefully...
Are all settings of under about:config indeed completely in firefox.js? Without exception?
Is that it?

But how is pref(""); supposed to work if firefox.js is commented out? It only changes the setting in firefox.js if it isn't commented out.

So I tried pref("" but no change. I see! It does nothing, it's commented out.

This must mean pref()s with // for firefox.js do nothing. In lines without // that are no comment, there we could hope to find something. Correct? It took me a while. But, how do the pref()s know in which file to change what and where the file is when path and file are in a comment.

// Migrate any existing Firefox Account data from the default profile to the
// Developer Edition profile.
The @line numbers are different. Only one is present in both versions.
@line 1432

In the Geolocation part it is this one:
@line 1356

But what i found next could be the problem.

803 firefox.js
//@line 1358 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"
pref("", false);

808 firefox.js
// Set to false if things are really broken.
//@line 1359 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"
pref("", true); is indeed a setting under about:config.

-I will try.
-That wasn't the problem.

//@line 1358 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"
Means a line in firefox.js in the local directory
And pref("", false);
is the setting in firefox.js @line 1358 of this file.
And i remember // means its a comment. So this setting doesn't do anything.

PAGE 2v3
803 firefox.js
// All the Geolocation preferences are here.

// Geolocation preferences for the RELEASE and "later" Beta channels.
// Some of these prefs are specified even though they are redundant; they are
// here for clarity and end-user experiments.
//@line 1351 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"
pref("geo.wifi.uri", "");

//@line 1356 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"

//@line 1358 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"
pref("", false);
//@line 1360 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"

//@line 1364 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"

//@line 1385 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"

808 firefox.js
// All the Geolocation preferences are here.
//@line 1347 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"
pref("geo.wifi.uri", "…%");
//@line 1352 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"

//@line 1356 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"

// Set to false if things are really broken.
//@line 1359 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"
pref("", true);
//@line 1361 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"

//@line 1365 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"

803 vs 808 line present in both versions
803 vs 308 lines only present in the respective file

It seems something was to be tried and seemed to work at first, but not in every case.
// Set to false if things are really broken. Only Present in 808, not 803.

PAGE 3v3
803 firefox.js
// Migrate any existing Firefox Account data from the default profile to the
// Developer Edition profile.
//@line 1425 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"
pref("identity.fxaccounts.migrateToDevEdition", false);
//@line 1427 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"

// On GTK, we now default to showing the menubar only when alt is pressed:
//@line 1432 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"

// Encrypted media extensions.
//@line 1444 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"
pref("media.eme.enabled", true);
//@line 1446 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"

//@line 1450 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"
pref("media.eme.vp9-in-mp4.enabled", false);
//@line 1452 "/var/tmp/build/firefox-858720263bed/browser/app/profile/firefox.js"

808 firefox.js
// Migrate any existing Firefox Account data from the default profile to the
// Developer Edition profile.
//@line 1405 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"
pref("identity.fxaccounts.migrateToDevEdition", false);
//@line 1407 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"

// On GTK, we now default to showing the menubar only when alt is pressed:
//@line 1412 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"

// Encrypted media extensions.
//@line 1424 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"
pref("media.eme.enabled", true);
//@line 1426 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"

//@line 1430 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"
pref("media.eme.vp9-in-mp4.enabled", false);
//@line 1432 "/var/tmp/build/firefox-57642f36905a/browser/app/profile/firefox.js"

803 vs 808 line present in both versions
803 vs 308 lines only present in the respective file

I opened both files, task-switched between them and searched for changes. That's how i found those lines. pref() commands are preferences. Are they all in firefox.js?
How do those //@line numbers work? They are all commented out with //.

:( Noticed too late there are no tags for color.

You can ignore the "//" lines, those are only comments. The pref() lines are the important ones. So, the relevant preferences to test are those that changed between 8.0.3 and 8.0.4 (or later versions that have your bug). I am not sure whether they are all exposed via about:config. But once you create them there in case they aren't available you should be able to reproduce the buggy behavior (i.e. I don't think they have to be visible right from the beginning in about:config to reproduce the bug).

656 ''PREF('' in firefox.js
3744 Settings in about:config
The numbers aren't the same. pref-lines from firefox.js are to be found in about:config. I searched for some and found them there. Chances are they all are. In other words firefox.js seems to be a subset of about:config. It looks to be the case. By testing all boolean data types those booleans in firefox.js are ruled out already. Integers and Strings remain.

656 preferences are a huge amount.
false 126
true 255
boolean 381
strings and integers 275 remaining

Now i finally found something i hope.

In Tor-Browser 8.0.4 the about:tor page has no text, but links are clickable. The cursor changes.

But the new page from 2019 all text is shown, all links work.


Both screenshots are from Tor-Browser 8.0.4 installed from scratch without any changes.
Only the Menu Bar is switched on. It is much easier to use this way.

My guess is now that different fonts are used. There has to be going on something more than preferences. This much i suspected from the start and here it is.

font-family: Helvetica, Arial, sans-serif;
font-family: "Source Sans Pro", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";


March 28, 2019


My onion icon will grey out sometimes, the dropdown will still show and I can change its settings, also the circuits look ok. If I restart tbb the icon is light up again. I cant reproduce this at will, it just happens. Should I be concerned about this?


March 29, 2019


Hi, is something going on in the Tor Network ? Since days I cant access the NEt with Tor, even the Tor Homepage gets me a connection time out. An update on the 8.0.8 Version didnt help either.
Freenet works fine.


March 29, 2019


1) Every time I try to "upgrade" from 8.0.6 to the current 8.0.8, I am unable to access my mail accounts. This is very annoying. Normally I use icedove, but worry about security. Any clue as to what is happening? 2) Anything I can do to provide details of the transaction without compromising my login? 3) Is there a tor capable version of Icedove or similar? I just need to handle my e-mail. I'm not too particular, but need filtering and multiple e-mails(eg a@host, b@host, c@host), but have never studied the details of mail servers etc.. 4) Lastly and most importantly, how do I get back to 8.0.6 so things work? I can restore the whole thing but it wipes out my setup. I'm getting real tired of that. Do you have a script or similar that will "unbreak" tor given an new install directory/tarball and a broken one (linux), but leave the bookmarks, homepage etc intact? Eg `tor-unbreak new-tor-dir/ broken-tor-dir/`

Icedove is based on Thunderbird. Debian Stable de-branded Icedove back to Thunderbird on April 20, 2017.

1) Has your mail server changed anything on its end? Is it possible that Tor isn't the problem? Have they installed or changed captchas or Cloudflare things? Do you know if your accounts are accessible in your normal browser? Have you asked your mail provider? You said you use the stable Tor Browser releases, not alpha, so if the problem is definitely caused by Tor, look at the changelog for each stable Tor Browser Bundle version after 8.0.6: 8.0.7, 8.0.8. If you torify Icedove, that means you should look more closely at the changelog for each stable tor binary after the one shipped in Tor Browser Bundle 8.0.6 which was tor tor

2) As long as the problem is not from your mail provider and you didn't change Icedove preferences since installing 8.0.6, the search for a solution can start in the tor log and version changelogs. Have you tried to access your mail account by its web interface in Tor Browser rather than by Icedove? Can you access other websites? If nothing is accessible, then it's useful to check the tor log. In "Tor Network Settings", there is a button that will copy the tor log to clipboard. If you can't access any websites in Tor Browser, copy the log, choose a pastebin website using your normal browser, and link us to your paste.

3) No, not that I know of, but take a look at Torbirdy, a Thunderbird add-on developed by Tor Project.
a) TorifyHOWTO
b) TorifyHOWTO/EMail/Thunderbird
c) torbirdy

4) Things where? If you're only talking about Tor Browser, backup or export your profile folder. Then, fully uninstall and delete the Tor Browser folder, install the other version, start Tor Browser so it sets up the default profile, close it, and copy your backups over the default files. Bookmarks, including keywords, tags, and descriptions, can be exported in a JSON or HTML file. The homepage can be saved as a bookmark or pasted in a text file.