New Release: Tor Browser 8.0.9
Tor Browser 8.0.9 is now available from the Tor Browser Download page and also from our distribution directory.
This release fixes the issue which caused NoScript and all other Firefox extensions signed by Mozilla to be disabled.
If you used the workaround mentioned in our previous blog post, don't forget to set the xpinstall.signatures.required entry in about:config back to true after installing this update.
Note: We did not bump the Firefox version number to be able to build faster, thus it will still show 60.6.1esr as the Firefox version.
The full changelog since Tor Browser 8.0.8 is:
- All platforms
- Update Torbutton to 2.0.13
- Bug 30388: Make sure the updated intermediate certificate keeps working
- Backport fixes for bug 1549010 and bug 1549061
- Bug 30388: Make sure the updated intermediate certificate keeps working
- Update NoScript to 10.6.1
- Bug 29872: XSS popup with DuckDuckGo search on about:tor
- Update Torbutton to 2.0.13
I'm not sure, but we're…
I'm not sure, but we're planning to disable certdb again in the release next week, since Mozilla provided a better patch that doesn't require certdb:
https://trac.torproject.org/projects/tor/ticket/30425
No. It's not about cross…
No. It's not about cross-origin linkability but about leaking things to disk.
only, thanks to tor (and…
only, thanks to tor (and mozilla?) for fixing the xpi sig problem.
Yes, Mozilla messed up but…
Yes, Mozilla messed up but did respond rapidly to devise a fix.
Great job fixing the desktop…
Great job fixing the desktop version!
Keep in mind that the android version of the Guardian Projects Fdroid repository was not updated yet and still contains this certificate problem.
We're currently building…
We're currently building/signing the alpha release (which includes the android version) that should fix this.
Certainly not asking this…
Certainly not asking this with any entitlement or expectation, please only answer if you have the time, but is there an outlook on the alpha release update? I'm very fond of the noscript preference retention in that! :-)
In a couple of hours. https:…
In a couple of hours. https://dist.torproject.org/torbrowser/8.5a12/ has the bundles but it is not official yet.
Cheers, GK, nice one. ✌
Cheers, GK, nice one. ✌
Hi Tor Developers How is…
Hi Tor Developers
How is your progress against fixing the ddos issue within the tor onion services?
The ddos attack against all tor networks is going very strong.
Please fix it as soon as possible or it will all be over soon...
We're working on it, but we…
We're working on it, but we're not able to provide any ETA, so stay tuned. Thanks for your patience.
Thanks so much to everyone…
Thanks so much to everyone who helped respond so quickly to this emergency!
TP was placed in a really bad position by Mozilla's goof and handled it pretty well I think.
Does this release use the…
Does this release use the new Mozilla certificate or did you seize the opportunity and create your own?
No, add-ons are still signed…
No, add-ons are still signed by Mozilla.
How are jobs to prevent DDOS…
How are jobs to prevent DDOS attacks on Tor's onion servers.
You visit a TOR Onion site, and tomorrow it is closed because of the Onion attacks.
If nothing is done, I see that soon everything will end.
Ugh, the absolute state of…
Ugh, the absolute state of firefox.
Does tor browser have any plan to change from firefox to chrome?
There is no plans to do so…
There is no plans to do so currently. Switching to chrome/chromium would cause other problems.
Sure use googles spy browser…
Sure use googles spy browser thats a great idea.
NO
Has anyone used Tor Browser…
Has anyone used Tor Browser on a 4K monitor? (1000x1000 window size, I mean)
Is it a problem if I change Tor Browser's font size? (I never use JavaScript)
A similar comment was made…
A similar comment was made to the post for v8.5a11.
Hi, can som1 from tor ,…
Hi, can som1 from tor , give us any info on the DDoS fix or even if its possible as this is a major topic right now , The ATTACKS have definitely got worse as even clearnet sites are being hit now bad . So looks even more of an issue than before
We're working on it, but we…
We're working on it, but we don't have any ETA, so stay tuned. Thanks for your patience.
8.0.x Update to comment: Tor…
8.0.x
Update to: Tor Browser does not terminate correctly (2019-04-26).
https://blog.torproject.org/comment/280960#comment-280960
Setup of Tor Browser 7.56, 8.0 ... 8.09 x32 and x64 inside a fresh Win81x64 VMware WS guest. No config changes, no antivirus, no firewall. Just launching the browser an then closing.
Results: Tor Browser 7.56 works without any problems.
All 8.0x (32/64) versions do not close properly. About 60s ore more after closing a system error message appears.
With Process explorer one can track the increasing memory consumption.
No problems with linux version in a Debian 9 guest on the same host.
Can someone explain why TBB…
Can someone explain why TBB says Win32 for System Info but TAILS says Linux?
I thought you folks would be synchronized in that sense but it appears not. The complaint is an obvious one regarding fingerprinting. Any help in keeping your Sys Info the same across platforms?
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/26146
https://trac.torproject.org/projects/tor/ticket/28290
Thank you for fixing the…
Thank you for fixing the issue so promptly. You are doing god's work.
Glad to say 8.0.9 seems to…
Glad to say 8.0.9 seems to be working fine for me (on Debian).
thank you !
thank you !
All of the different…
All of the different suggestions to change assorted settings can't be hygienic for the user base. I think it would help everyone if there was publicity for a permanent guide on the Tor Project website or wiki for how to do a backup and clean install.
Why did the creator of…
Why did the creator of JavaScript and co-founder of Mozilla abandon Firefox and its engine Gecko and chose Chromium and its engines (Blink and V8) for his Brave browser? Maybe the reality is, Mozilla has become a MESS and the Google engines became better over time, and now they are the best. We hate it because we don't want to admit that something coming from Google is the best, even if it's open source. I don't know, but if people don't trust Mozilla anymore, they won't trust Tor either. Tor might die in the next five years. It's sad, really. I guess people expect a serious project like Tor to have its own browser and features should be part of such browser. Relying on third-party solutions like engines is ok, but on browsers and "extensions" seems a cheap solution for such serious project.
Good to see the sigs are…
Good to see the sigs are back on the download page! Thank you for great work on tor browser!
Did you guys really patch…
Did you guys really patch stable before alpha? :|
When are you guys going to patch alpha?
https://dist.torproject.org…
https://dist.torproject.org/torbrowser/8.5a12/ has the new bundles but they are not official yet. And, yes, we really patched stable before alpha. Alpha is the development version and we expect users of those to be more tech-savvy and being able to better cope with breakage and unforeseen issues.
Mozilla has had improper…
Mozilla has had improper handling his signing infrastructure for addons in the past,
unbelievable handling this thing for webextensions in present, i'am waiting for the future mozilla is .....handling this.
May delete the user can change "xpinstall.signatures.required" for, mozilla will say,
more security. This is dangerous.
On Android don't Is possible…
On Android don't Is possible installing addons. Always corrupted files noticed from admin of circuit. BTW. Is not possible setting up excluding Country and or nodes in setting. Bad. Best old Orbot and Orfox. I am sorry.
There was a bug in Mozilla's…
There was a bug in Mozilla's code starting last Saturday that disabled many add-ons. Version 8.5a12 on Android is released and fixes the bug.
https://www.torproject.org/download/#android
https://support.torproject.org/tbb/tbb-16/
It appears there is…
It appears there is something wrong with ob4s bridges provided from https://bridges.torproject.org/bridges?transport=obfs4.
The bridges are all the same 189.131.192.144:6237 etc..
Another bridge IP:port in a…
Another bridge IP:port in a public post.
Is the android platform been…
Is the android platform been updated too? It doesnt seem so
The alpha Tor Browser…
The alpha Tor Browser version (including the Android bundle) has been released:
https://blog.torproject.org/new-release-tor-browser-85a12
There is also a problem…
There is also a problem obtaining bridges via Email. when sending a request for obs4 bridges to bridges@bridges.torproject.org I get the below response.
Here are your bridges:
(no bridges currently available)
To enter bridges into Tor Browser, first go to the Tor Browser download
page [0] and then follow the instructions there for downloading and starting
Tor Browser.
When the 'Tor Network Settings' dialogue pops up, click 'Configure' and follow
the wizard until it asks:
Does your Internet Service Provider (ISP) block or otherwise censor connections
to the Tor network?
Select 'Yes' and then click 'Next'. To configure your new bridges, copy and
paste the bridge lines into the text input box. Finally, click 'Connect', and
you should be good to go! If you experience trouble, try clicking the 'Help'
button in the 'Tor Network Settings' wizard for further assistance.
[0]: https://www.torproject.org/projects/torbrowser.html
COMMANDs: (combine COMMANDs to specify multiple options simultaneously)
get bridges Request vanilla bridges.
get transport [TYPE] Request a Pluggable Transport by TYPE.
get help Displays this message.
get key Get a copy of BridgeDB's public GnuPG key.
get ipv6 Request IPv6 bridges.
Currently supported transport TYPEs:
fte
obfs3
obfs4
scramblesuit
--
<3 BridgeDB
I don't know the details…
I don't know the details about this, but I heard some people are investigating the issue with BridgeDB.
This is important without…
This is important without bridges anonymity can be compromised. thats why the Torproject provides 3 methods of obtaining bridges. 1. Email 2. tor bridge web site (https://bridges.torproject.org/) and 3. built in defaults
Should I be informing another forum?
They know. Give them time. …
They know. Give them time. Look here, but let them work.
Hi, can somone from tor ,…
Hi, can somone from tor , give us any info on the DDoS fix or even if its possible as this is a major topic right now , The ATTACKS have definitely got worse as even clearnet sites are being hit now bad . So looks even more of an issue than before. PLEASE ANSWER ME. Thanks in advance...
We're working on it, but we…
We're working on it, but we don't have any ETA, so stay tuned. Thanks for your patience.
Hey guys. Every time I input…
Hey guys. Every time I input a captcha answer on an onion link it fails and reloads a new onee to completevery time. Any idea why?
Try lowering the security…
Try lowering the security slider or setting Trusted permissions for websites in NoScript. No firm idea why.
Two days after mozilla-tor…
Two days after mozilla-tor-noscript-"bugfix", the noscript-Icon is gone again and browser says "all firefox addons disabled. WTF??? Should we go back to "about:config-false"again?
Which version are you using?
Which version are you using?