Tor Browser 4.0.6 is released

by mikeperry | April 1, 2015

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.0.6 is based on Firefox ESR 31.6.0, which features important security updates to Firefox.

Note to MacOS users: This is the last planned release that will run on 32 bit MacOS versions. Users of Mac OS 10.8 (Mountain Lion) and newer versions will be automatically updated to the 64 bit Tor Browser 4.5 when it is stabilized in April, and we expect this transition to be smooth for those users. However, the update process for 10.6 and 10.7 users will unfortunately not be automatic. For more details, see the original end-of-life blog post.

Here is the complete changelog since 4.0.5:

  • All Platforms
    • Update Firefox to 31.6.0esr
    • Update meek to 0.16
    • Update OpenSSL to 1.0.1m

Comments

Please note that the comment area below has been archived.

April 01, 2015

AVG picked up malware on updating C:\Users\....\Documents\Tor Browser\Browser\TorBrowser\Tor\tor.exe? Is this of concern?

April 01, 2015

Windows 8.1 warned about "harmful file" when I tried to run the 4.0.6 update.
Should I ignore and install?

April 01, 2015

It seems that no matter how many people address the Cloudflare issue, it still seems to be a non-issue??

All the way up to version 3.6.3 Tor never had any issues.

So, over an 8-plus-month span to correct this?

It would also help if there were some obfuscation measures taken to actually not let other websites know that a Tor user is making a connection.

Thanks!

It isn't an issue with Tor, it's an issue with Cloudflare; if they see you exiting a Tor exit node, they will captcha you. All a server (including Cloudflare) needs to do is look up the IP address that the connection is coming from and see if it is a Tor exit. Yes, this would be harder if the list of Tor exit nodes wasn't published, but it wouldn't be much harder and then Tor users will get even less goodwill; forget captchas, you'll just be blocked. With that said, nothing is stopping you from using a CGI proxy or similar from within Tor Browser. Of course, you could also try to convince the admin of whichever site you're having trouble with to stop using Cloudflare.

April 01, 2015

Works fine here so far, thanks.

@Users: With Tor: the new captchas from Cloudflare are unsolvable. You have the same problem? Any idea? Thanks

April 04, 2015

In reply to arma

I understand your concern. At least my IP is still hidden, it's the most important thing.

April 01, 2015

Well, it looks like Vidalia lovers are shafted again. Can't run Vidalia with this version (even though the "Vidalia-like" features aren't incorporated in this version). Running Vidalia generates a message saying "Tor requires authentication cookie". Do you want to browse for "control_auth_cookie"? It appears it doesn't exist.

I know Vidalia is being deprecated, but many of us use it for much more than "new identity". I'm sure there will be many complaints forthcoming, or many people will simply choose to run 4.0.5 since that version is still compatible.

"Vidalia was deprecated years ago."

And yet, Tails still uses Vidalia!

"If you need the features from 4.5 run 4.5; you're probably less likely to run into a security vulnerability that way."

Poster you were replying-to said "4.0.5", not 4.5.

Either way, how could you possibly say that using any deprecated version of Tor Browser would make one, "less likely to run into a security vulnerability"?! (The truth is just the opposite.)

Especially just after pointing-out that "Vidalia was deprecated years ago."?!

April 02, 2015

Today obfs3 bridge connections stopped working; I tried several bridge addresses including today's set. The loading line stays grey. Non-bridge connections work. What could be wrong?

April 02, 2015

Old new problem: starting Tor Browser but no browser appears, but the task mozilla tor is running. Have to close this and restart Tor Browser.

April 06, 2015

In reply to arma

Unfortunately I will probably just keep my head in the sand for now. Like the other anonymous user commented, it seems to run in spurts and right now it is opening more than not.

April 03, 2015

On Mac trying to verify 4.06 (yes I've downloaded the new key):

gpg: Signature made Tue 31 Mar 15:27:31 2015 using RSA key ID D40814E0

gpg: BAD signature from "Tor Browser Developers (signing key) "

Any ideas?

No verify, no use.

gpg: Signature made Tue 31 Mar 2015 10:27:31 AM EDT using RSA key ID D40814E0
gpg: Good signature from "Tor Browser Developers (signing key) "

I just fetched the TorBrowser-4.0.6-osx32_en-US.dmg and checked it.

My guess is that you have only a partial download, or something like that.

$ sha256sum TorBrowser-4.0.6-osx32_en-US.dmg
283bb75db6266266cb9d891c652feada2d515c8f4e275bc0858c83233474a00a TorBrowser-4.0.6-osx32_en-US.dmg
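
The check from the reply above, as an added example that is not part of the original comment thread: a POSIX shell helper that compares a download's SHA-256 with the digest quoted there and prints the file size on mismatch, which is how a truncated download shows up. The function names `sha256_of` and `verify_sha256` are hypothetical.

```shell
#!/bin/sh
# Added example: compare a downloaded file's SHA-256 with a published digest.
# sha256_of and verify_sha256 are hypothetical helper names, not part of
# Tor Browser or GnuPG.

# Print the lowercase hex SHA-256 of a file, using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS ships shasum
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or unreadable.
verify_sha256() {
    file=$1
    # Accept the expected digest in either upper or lower case.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    # A short byte count here usually means an interrupted download.
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual ($(wc -c < "$file" | tr -d ' ') bytes)" >&2
    return 1
}

# Digest and file name as quoted in the reply above.
EXPECTED=283bb75db6266266cb9d891c652feada2d515c8f4e275bc0858c83233474a00a
DMG=TorBrowser-4.0.6-osx32_en-US.dmg
if [ -f "$DMG" ]; then verify_sha256 "$DMG" "$EXPECTED"; fi
```

A matching digest shows the file is complete and identical to the one the commenter hashed; the GPG signature check remains the authenticity test.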

April 05, 2015

Window size can be increased slightly by using the max/min icon a few times and then dragging the window down. Very annoying on a large screen only being able to view half size. Why are all other versions of TOR not screen fixed like this one? Does it mean all earlier versions were insecure?

Are you talking about the alpha 4.5a5 compared to 4.0.6? If so, this might be another bug in our current "fix" for #14429. And, yes, maximizing the window without something like a fix for #14429 might make you more easily recognizable due to your unusual screen/window size.

Tor Browser 4.0.6 is the stable version, and it doesn't have the experimental window resizing feature in it.

Tor Browser 4.5a5 is the experimental branch, and it has experimental features like that one in it.

April 05, 2015

How do I force this browser to just give me US IPs? I've done it for previous versions by updating the "torrc" file but now it's not working. Any help? Thanks!

April 10, 2015

All these new Tor releases got so many captchas, so annoying! Please solve that problem _
But anyway _ am on Debian linux - Parrot OS and it has anon surf on it so no sweat though! :)

May 04, 2015

waahh :-(( ----I use tor-browser vers 4.08 and it doesn't tell me about updates to 4.5 / 4.6 now - I am quite desperate ...!!! ( next life I'll be reborn as a digital machine from the very beginning, I swear ) HELP! ( no I won't start internet &/ evolution, sorry folks :)