New Release: Tor Browser 9.5a10

by sysrqb | April 3, 2020

Tor Browser 9.5a10 is now available from the Tor Browser Alpha download page and also from our distribution directory.

Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.

This release features important security fixes to Firefox.

The full changelog since Tor Browser 9.5a9 is:

  • All Platforms
    • Mozilla Bug 1620818 - Release nsDocShell::mContentViewer properly
    • Mozilla Bug 1626728 - Normalize shutdown

Comments

Please note that the comment area below has been archived.

April 07, 2020

Permalink

You didn't turn comments on for the above post for Tails 4.5 so I will comment here.

The link to download tails uses http:

http://dl.amnesia.boum.org/tails/stable/tails-amd64-4.5/tails-amd64-4.5…

If changed to https it gives the following warning:

Websites prove their identity via certificates. Tor Browser does not trust this site because it uses a certificate that is not valid for dl.amnesia.boum.org. The certificate is only valid for mirrors.wikimedia.org.

Error code: SSL_ERROR_BAD_CERT_DOMAIN

The ISO doesn't need https to be verified if you trust and verify the PGP key and signature file. On that page, scroll down to "Verify using OpenPGP". If you trust that one source for the key and if GPG returns "good" when you verify the signature, then the ISO is genuine. If you don't trust that one source, then find more keyservers. Since https is based on preinstalled certificate authority (CA) hierarchies and only represents trust in the connection to a server, you should do this if everything is https too.