Tor Browser 4.5.2 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.5.2 provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.9, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.

Here is the complete changelog since 4.5.1:

  • All Platforms
    • Update Tor to 0.2.6.9
    • Update OpenSSL to 1.0.1n
    • Update HTTPS-Everywhere to 5.0.5
    • Update NoScript to 2.6.9.26
    • Update Torbutton to 1.9.2.6
      • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
      • Bug 14429: Make sure the automatic resizing is disabled
      • Translation updates
    • Bug 16130: Defend against logjam attack
    • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
  • Linux
    • Bug 16026: Fix crash in GStreamer
    • Bug 16083: Update comment in start-tor-browser
Asker

June 16, 2015

Permalink

> Update OpenSSL to 1.0.1n

I take it then that Tor/Firefox are not effected by the HMAC ABI breakage that required the v1.0.1o release of OpenSSL the day after v1.0.1n?

That is our current understanding, yes. Thus, even pointing to a system tor or copying a self-compiled tor into the respective Tor Browser directory should not break things for users.

The regular Tor Browser update in two weeks will ship with OpenSSL 1.0.1o then.

To: mikeperry, gk, arma, erinn, et. al.

Firstly thanks for bringing out the latest update.

Secondly, according to gk, the next update of Tor Browser will include OpenSSL 1.0.1o.

Please, please, co-ordinate with Tails' developers so that Tails will have a Tor Browser that includes OpenSSL 1.0.1o and the latest updates from you guys. Your ability to work with Tails as a team and in-sync would be appreciated. For your info, according to Tails' website, the next update of Tails is scheduled for June 30.

Asker

June 16, 2015

Permalink

My Windows PC has the OpenSSL 1.0.2 branch in the system directory. Do you perceive possible conflicts with TorBrowsers OpenSSL 1.0.1 when using TorBrowser?

Are there security/anonymity benefits of using OpenSSL 1.0.1 over 1.0.2?

Asker

June 16, 2015

Permalink

What's the difference between "new identity" and "new circuit for this site"?

"New Tor Circuit for this Site" just gives you a new Tor circuit for the particular website leaving all your browser state (cookies, etc.) untouched. "New Identity" gives you basically a clean, new browser session.

Asker

June 16, 2015

Permalink

Not sure if a bug - windows resizing is not working properly. When I open tbb and go to ipcheck.info my monitor screen sizes varies from 999 x 490 pixels and other variations of this instead of the default size intended for TBB.

works without problem on my system: when I open ipcheck.info, I get 1000x600 pixels, which seems to be the intended value.

which operating system do you use?? maybe your window manager will mess up things...

Asker

June 16, 2015

Permalink

The link "https://weakdh.org/" is not working. I always get that "Problem loading page" thing...

The time: 14:30:00 UTC

Asker

June 16, 2015

Permalink

ERROR: Not all signatures were verified

Is the signature's process during update not yet ready ?

The error message during the update is scary:
Jun 17 20:55:54.000 [notice] New control connection opened from 127.0.0.1.
ERROR: Error verifying signature.
ERROR: Not all signatures were verified.
Jun 17 20:56:15.000 [notice] Owning controller connection has closed -- exiting now.

Did we install hacked software?

Asker

June 16, 2015

Permalink

What is the fix for Logjam, disabling DHE ciphers or requiring minimum bitness, and If bits, how many?

SHA256 checksum doesn't verify

My personal experience is if you are using Microsoft Windows OS, you could try installing gpg4win and use it to verify torbrowser-install-4.5.2_en-US.exe.asc against torbrowser-install-4.5.2_en-US.exe

gpg4win is available for free from: http://www.gpg4win.org/download.html

AVG exactly found a threat named "IDP Generic Whitelisted". If let it repaire it deletes the tor.exe. Or you should add to AVG exceptions. I`v controlled the fingerprint and it was OK, but i don`t want punch a hole on my firewall with the exception. Please help me find a solution.

Asker

June 16, 2015

Permalink

Tor browser is often unable to connect to the Tor network or pages
do not load.It works well only in Linux.I am in Russia.Can somebody
help?

Asker

June 16, 2015

Permalink

I've tried to download the italian version but it's 0 byte large.
Can you check and solve this problem?
Thanks.

Asker

June 16, 2015

Permalink

Tor had finally been working well for commenting on political sites. I could get a new circuit quickly, which is necessary for sites that have blocked many of Tor exit IPs. It is necessary to try many IPs before a post can get through the site's block list.

Now it is frigged up again, since getting a "new circuit for this site" reloads the page. The process takes much longer. Why did you change what had worked well?

If you people have no conception of what it is like to try and use Tor for online commenting, what in heaven's name are you using Tor for? Pirating movies?

Asker

June 16, 2015

Permalink

Maximizing the browser window still does not work (4.5.2 WIN). The maximize window button does odd things: resulting window too high for screen, or window reduced to a bar. I'd like to start maximized. What can I do?

I have the same issue. Unable to expand the TOR browser window. (Version 4.5.2 Windows 8.1) I could not find any options to correct this problem. Please help.

Asker

June 16, 2015

Permalink

Domain isolation still broken. Can't download anything from any file host tried. When will this be a toggle?