Tor Browser 4.5.2 is released
A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
Tor Browser 4.5.2 provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.9, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.
Here is the complete changelog since 4.5.1:
- All Platforms
- Update Tor to 0.2.6.9
- Update OpenSSL to 1.0.1n
- Update HTTPS-Everywhere to 5.0.5
- Update NoScript to 2.6.9.26
- Update Torbutton to 1.9.2.6
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Bug 14429: Make sure the automatic resizing is disabled
- Translation updates
- Bug 16130: Defend against logjam attack
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Linux
- Bug 16026: Fix crash in GStreamer
- Bug 16083: Update comment in start-tor-browser
> Update OpenSSL to 1.0.1n I
> Update OpenSSL to 1.0.1n
I take it then that Tor/Firefox are not effected by the HMAC ABI breakage that required the v1.0.1o release of OpenSSL the day after v1.0.1n?
That is our current
That is our current understanding, yes. Thus, even pointing to a system tor or copying a self-compiled tor into the respective Tor Browser directory should not break things for users.
The regular Tor Browser update in two weeks will ship with OpenSSL 1.0.1o then.
By the way: "The regular Tor
By the way:
"The regular Tor Browser update in two weeks"
Will this update be 4.5.x or 5.x.x ??
4.5.3 ad 5.0a3
4.5.3 ad 5.0a3
To: mikeperry, gk, arma,
To: mikeperry, gk, arma, erinn, et. al.
Firstly thanks for bringing out the latest update.
Secondly, according to gk, the next update of Tor Browser will include OpenSSL 1.0.1o.
Please, please, co-ordinate with Tails' developers so that Tails will have a Tor Browser that includes OpenSSL 1.0.1o and the latest updates from you guys. Your ability to work with Tails as a team and in-sync would be appreciated. For your info, according to Tails' website, the next update of Tails is scheduled for June 30.
Yes, the next Tor Browser
Yes, the next Tor Browser release is scheduled for the same day. So, everything should work out.
Why not using OpenSSL 1.0.2c?
Why not using OpenSSL 1.0.2c?
My Windows PC has the
My Windows PC has the OpenSSL 1.0.2 branch in the system directory. Do you perceive possible conflicts with TorBrowsers OpenSSL 1.0.1 when using TorBrowser?
Are there security/anonymity benefits of using OpenSSL 1.0.1 over 1.0.2?
Are there security/anonymity
Are there security/anonymity benefits of using OpenSSL 1.0.1 over 1.0.2?
You will receive a faster response if you re-post your question on https://tor.stackexchange.com/
What's with the first
What's with the first question of that post Mr. Picky?
> You will receive a faster
> You will receive a faster response if you re-post your question on https://tor.stackexchange.com/
No, you won't. I asked the same question over a month ago and got no responses.
What's the difference
What's the difference between "new identity" and "new circuit for this site"?
New identity clears the
New identity clears the browser state.
What's the difference
What's the difference between "new identity" and "new circuit for this site"?
You will receive a faster response if you re-post your question on https://tor.stackexchange.com/
"New Tor Circuit for this
"New Tor Circuit for this Site" just gives you a new Tor circuit for the particular website leaving all your browser state (cookies, etc.) untouched. "New Identity" gives you basically a clean, new browser session.
Thanks guys!
Thanks guys!
Not sure if a bug - windows
Not sure if a bug - windows resizing is not working properly. When I open tbb and go to ipcheck.info my monitor screen sizes varies from 999 x 490 pixels and other variations of this instead of the default size intended for TBB.
works without problem on my
works without problem on my system: when I open ipcheck.info, I get 1000x600 pixels, which seems to be the intended value.
which operating system do you use?? maybe your window manager will mess up things...
I get--> Browser window
I get--> Browser window 1004 x 632 pixels (inner size)
on Windows.
The link
The link "https://weakdh.org/" is not working. I always get that "Problem loading page" thing...
The time: 14:30:00 UTC
now it works! I guess I was
now it works! I guess I was simply too impatient ::-)
ERROR: Not all signatures
ERROR: Not all signatures were verified
Is the signature's process during update not yet ready ?
What is broken in particular?
What is broken in particular?
The error message during the
The error message during the update is scary:
Jun 17 20:55:54.000 [notice] New control connection opened from 127.0.0.1.
ERROR: Error verifying signature.
ERROR: Not all signatures were verified.
Jun 17 20:56:15.000 [notice] Owning controller connection has closed -- exiting now.
Did we install hacked software?
No, see:
No, see: https://bugs.torproject.org/15532 for the background of this issue.
Some files from
Some files from https://dist.torproject.org/torbrowser/4.5.2/ has 0 byte size
for example: tor-win32-0.2.6.9.zip, torbrowser-install-4.5.2_it.exe, TorBrowser-4.5.2-osx64_es-ES.dmg.asc and others.
This should be fixed now,
This should be fixed now, thanks for reporting.
What is the fix for Logjam,
What is the fix for Logjam, disabling DHE ciphers or requiring minimum bitness, and If bits, how many?
Disabling DHE ciphers is one
Disabling DHE ciphers is one option but Mozilla did not do this. Rather, the fix we backported bumped the minimum key size. It is now 1024 bits.
Ok, thanks :)
Ok, thanks :)
SHA256 checksum doesn't
SHA256 checksum doesn't verify
https://dist.torproject.org/torbrowser/4.5.2/sha256sums-unsigned-build…
2de1e369dea4b2c6a1192bad8b65e9cfb70ea2830ddb2ab0305be95cddbcda84 torbrowser-install-4.5.2_en-US.exe
As the name of the file
As the name of the file implies this is the checksum of the *unsigned* .exe. Have you stripped the authenticode signature first, before comparing the SHA 256 sums? See: https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerif…
SHA256 checksum doesn't
SHA256 checksum doesn't verify
My personal experience is if you are using Microsoft Windows OS, you could try installing gpg4win and use it to verify torbrowser-install-4.5.2_en-US.exe.asc against torbrowser-install-4.5.2_en-US.exe
gpg4win is available for free from: http://www.gpg4win.org/download.html
AVG attacks Torbrowser
AVG attacks Torbrowser durning installation. (4.5.2 WIN)
Hadn't happened here, with
Hadn't happened here, with AVG on my Windows.
Same. Tried installing it
Same. Tried installing it differently as well.
same. AVG detect Unknown
same. AVG detect Unknown Virus during installation / upgrade of 4.5.2
Win 7
AVG exactly found a threat
AVG exactly found a threat named "IDP Generic Whitelisted". If let it repaire it deletes the tor.exe. Or you should add to AVG exceptions. I`v controlled the fingerprint and it was OK, but i don`t want punch a hole on my firewall with the exception. Please help me find a solution.
Tor browser is often unable
Tor browser is often unable to connect to the Tor network or pages
do not load.It works well only in Linux.I am in Russia.Can somebody
help?
I've tried to download the
I've tried to download the italian version but it's 0 byte large.
Can you check and solve this problem?
Thanks.
This should be fixed now,
This should be fixed now, thanks for reporting this issue.
Tor had finally been working
Tor had finally been working well for commenting on political sites. I could get a new circuit quickly, which is necessary for sites that have blocked many of Tor exit IPs. It is necessary to try many IPs before a post can get through the site's block list.
Now it is frigged up again, since getting a "new circuit for this site" reloads the page. The process takes much longer. Why did you change what had worked well?
If you people have no conception of what it is like to try and use Tor for online commenting, what in heaven's name are you using Tor for? Pirating movies?
Maximizing the browser
Maximizing the browser window still does not work (4.5.2 WIN). The maximize window button does odd things: resulting window too high for screen, or window reduced to a bar. I'd like to start maximized. What can I do?
Are you sure you want to
Are you sure you want to maximize? Are you aware of the fingerprinting implications?
I have the same issue.
I have the same issue. Unable to expand the TOR browser window. (Version 4.5.2 Windows 8.1) I could not find any options to correct this problem. Please help.
Domain isolation still
Domain isolation still broken. Can't download anything from any file host tried. When will this be a toggle?
Could you give me steps to
Could you give me steps to reproduce your problem?
And on 4.5, only worked
And on 4.5, only worked sometimes or with a new circuit created manually.
Link gets deleted because
Link gets deleted because *obviously* it is evil. If repeat, look at end of ticket 15933, and just find any link to that site anywhere. Last worked on 4.5
tor-browser-linux32-4.5.2_en-
tor-browser-linux32-4.5.2_en-US does not work for me:
$ ./start-tor-browser
$ echo $?
126