Tor Browser 3.6.6 is released

The sixth pointfix release of the 3.6 series is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Here is the complete changelog for 3.6.6:

All Platforms
- Update Tor to tor-0.2.4.24
- Update Firefox to 24.8.1esr
- Update NoScript to 2.6.8.42
- Update HTTPS Everywhere to 4.0.1
- Bug 12998: Prevent intermediate certs from being written to disk
- Update Torbutton to 1.6.12.3
  - Bug 13091: Use "Tor Browser" everywhere
  - Bug 10804: Workaround fix for some cases of startup hang
Linux
- Bug 9150: Make RPATH unavailable on Tor binary.

The list of frequently encountered known issues is also available in our bug tracker.

I assume it is a bug. My

I assume it is a bug.

My reasoning: The TorBrowser as a hole doesn't update automagically, but merely informs the user about updates. This leads the user to believe it'd be a project-wide policy not to auto-update (which is the right thing to do by the way; please refer to the "uplink" feature in "I, Robot" (Will Smith) for the details).

I honestly can't imagine that TBB developers want to have such inconsistent behaviour (no auto-update for browser versus auto-update for add-ons) in their project.

So, feel free to be the first one to file the bug report!

Such is how it would seem to

Such is how it would seem to me as well.

Now the question is: How much concern is warranted over this behavior of TorBrowser, i.e., automatically updating addons?

Is some immediate action on the part of the Tor Project warranted?

TorBrowser doesn't update

TorBrowser doesn't update automatically because automatic updating like Firefox isn't a trivial feature to write for the number of programmers Tor has. There was a time TBB didn't even check if there was a new version like it does now even though that is significantly less work.

While updating automatically does allow for certain attacks (and assumes that the Tor developers will remain trustworthy,) for the vast majority of users it significantly reduces the amount of time after an update is published that it gets deployed on their machine.

Yes, and the Tor Browser

Yes, and the Tor Browser updater is coming in the 4.x series.

Can someone from the TBB

Can someone from the TBB developers confirm that autoupdate add-ons is wrong please?

my version of no script is now 2.6.8.43. i deactivated autoupdate, i guess reinstall TBB is the right thing?! thanks

I like to let my fixed IP in

I like to let my fixed IP in tor version 3.66.

need 1 ip is clear that it is not mine but that is FIXED in BRAZIL .

I can not in this version .

need 1 ip is clear that it is not mine but that is FIXED in BRAZIL .

I can not in this version .

the game I play I can not ta turning the changing world of IP that almost denounces me ..

there help me please ..

Sounds like you want to get

Sounds like you want to get one of those VPN providers or something that offer that service. Their anonymity promises are snakeoil, but I imagine if they promise to route you through Brazil they probably do.

>"Their anonymity promises

>"Their anonymity promises are snakeoil"

Why?

Because they keep logs. I'm

Because they keep logs. I'm not sure of Brazilian Law, but usually all it takes is one court order for them to have to hand them over.

Sync freezes on 366. if I

Sync freezes on 366. if I use the "replace local" option in the advances options box I can't close the dialog box. If I check the "merge" radio button, the dialog box closes but no action is performed when I try to go on. It worked fine as of 365. Thanks.

Seems to be a bug. For now

Seems to be a bug. For now the solution is to enter about:config, find the preference security.nocertdb and change it to false. Then you have to close and restart the Tor Browser and you should be able to sync.

thank you! Is this change

thank you! Is this change safe or is it better I wait for next tor release?

Can you disguise the

Can you disguise the "TorBrowser" title? As anyone can become suspicious when they see that instead of a standard "Firefox" title. Making us vulnerable to prying eyes!

No thanks. Cover the title

No thanks. Cover the title with physical tape if you must.

I want no mistake about which browser I am using.

Unfortunately, Firefox's

Unfortunately, Firefox's legal team would have a problem with that. If you modify the firefox source (which Torbrowser does,) you can't legally use Firefox trademarks (like the name, logo, etc.)

Media tab no longer shows up

Media tab no longer shows up under Page Info

Hello, I would also like to

Hello, I would also like to ask this question.
@devs: There is not anymore an easy way to check the content (images, scripts etc.) of a page. Maybe with the debug tools. But there is no overview as far as I know.
Is this due to security reasons? And is it possible to enable the tab in About:config or so?

That happens to me too

Unable to change Master

Unable to change Master Password.

Same here "Change Master

Same here "Change Master password" button is greyed out and when I try to add a password I get "unable to change password" popup...

Which version of OpenSSL

Which version of OpenSSL this TOR release uses?

1.0.1.9 Yeah :D

Just wondering, are there

Just wondering, are there any plans to release binary diffs in the future?
Considering all the work that goes into deterministic builds, all that minimization of so much extraneous data sounds (to a layman) like it could be tight.

Hi All, I can not login to

Hi All,

I can not login to badoo.com
Even with the link in the registration email not working.
Any ideas?
Thank you

I've noticed an issue on

I've noticed an issue on Comcast and I was wondering if anyone else has. When going to totally legal and legit sites using Comcast lately (last 3 days about), unless I use obsf3, the sites keep on timing out and Firefox keeps on refusing to go to the websites.
I thought that this was an issue with the TOR Browser until enabling that and then it was like "What the hell is Comcast doing?"

Have an unusual error

Have an unusual error here.Quite by accident,may not.
Using Tor years with Debian on some computers.All fine,no problems.Almost with javascript off.
With releasing Tor Browser 3.6.6 i installed it on a nearly new computer with windows.
Windows was working fine -before this.
Surfing some time with javascript on then shutting down windows.
Next try to start computer was a surprise.
HDD is "ill".Boot is running moments before uefi-bios starts HDD.Then comp hangs+no other device can boot+no entry in bios.HDD seems very healthy(S.M.A.R.T,manufacturer test software). Windows repair disc cannot repair and cannot find installed Windows.
When pull sata plug from HDD i can enter bios and boot normally,windows from HDD too.With sata plug in machine it's hanging.
I've never had any strange error especially like this.

Would really appreciate some

Would really appreciate some instructions for setting up and running Vidalia with TBB 3.6.6. It worked perfectly with the previous version of TBB, but now it asks for a password, and if I hit the reset button in vidalia, then vidalia works, but TBB doesn't.

I suspect there is a difference in port settings between Vidalia and TBB 3.6.6. Where are the ports used by TBB documented?

Also, my AVG antivirus keeps alerting on this version of TBB, but has never done so on previous versions. Makes me nervous.

I don't think that there are

I don't think that there are any changes between 3.6.6 and 3.6.5 that should effect Vidalia; of course Tor Browser no longer supports Vidalia and using Vidalia with Tor Browser might end up with undesired behavior.

Also, what's the exact complaint by your antivirus? Modern antivirus software uses several different techniques to identify potential threats, some of which produce false positives. It doesn't help that there are some individuals that use tor for nefarious purposes possibly getting it added to some malware lists.