Tor Browser 4.5.2 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.5.2 provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.9, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.

Here is the complete changelog since 4.5.1:

All Platforms
- Update Tor to 0.2.6.9
- Update OpenSSL to 1.0.1n
- Update HTTPS-Everywhere to 5.0.5
- Update NoScript to 2.6.9.26
- Update Torbutton to 1.9.2.6
  - Bug 15984: Disabling Torbutton breaks the Add-ons Manager
  - Bug 14429: Make sure the automatic resizing is disabled
  - Translation updates
- Bug 16130: Defend against logjam attack
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
Linux
- Bug 16026: Fix crash in GStreamer
- Bug 16083: Update comment in start-tor-browser

> Update OpenSSL to 1.0.1n I

> Update OpenSSL to 1.0.1n

I take it then that Tor/Firefox are not effected by the HMAC ABI breakage that required the v1.0.1o release of OpenSSL the day after v1.0.1n?

That is our current

That is our current understanding, yes. Thus, even pointing to a system tor or copying a self-compiled tor into the respective Tor Browser directory should not break things for users.

The regular Tor Browser update in two weeks will ship with OpenSSL 1.0.1o then.

By the way: "The regular Tor

By the way:

"The regular Tor Browser update in two weeks"

Will this update be 4.5.x or 5.x.x ??

4.5.3 ad 5.0a3

To: mikeperry, gk, arma,

To: mikeperry, gk, arma, erinn, et. al.

Firstly thanks for bringing out the latest update.

Secondly, according to gk, the next update of Tor Browser will include OpenSSL 1.0.1o.

Please, please, co-ordinate with Tails' developers so that Tails will have a Tor Browser that includes OpenSSL 1.0.1o and the latest updates from you guys. Your ability to work with Tails as a team and in-sync would be appreciated. For your info, according to Tails' website, the next update of Tails is scheduled for June 30.

Yes, the next Tor Browser

Yes, the next Tor Browser release is scheduled for the same day. So, everything should work out.

Why not using OpenSSL 1.0.2c?

My Windows PC has the

My Windows PC has the OpenSSL 1.0.2 branch in the system directory. Do you perceive possible conflicts with TorBrowsers OpenSSL 1.0.1 when using TorBrowser?

Are there security/anonymity benefits of using OpenSSL 1.0.1 over 1.0.2?

Are there security/anonymity

Are there security/anonymity benefits of using OpenSSL 1.0.1 over 1.0.2?

You will receive a faster response if you re-post your question on https://tor.stackexchange.com/

What's with the first

What's with the first question of that post Mr. Picky?

> You will receive a faster

> You will receive a faster response if you re-post your question on https://tor.stackexchange.com/

No, you won't. I asked the same question over a month ago and got no responses.

What's the difference

What's the difference between "new identity" and "new circuit for this site"?

New identity clears the

New identity clears the browser state.

What's the difference

What's the difference between "new identity" and "new circuit for this site"?

You will receive a faster response if you re-post your question on https://tor.stackexchange.com/

"New Tor Circuit for this

"New Tor Circuit for this Site" just gives you a new Tor circuit for the particular website leaving all your browser state (cookies, etc.) untouched. "New Identity" gives you basically a clean, new browser session.

Thanks guys!

Not sure if a bug - windows

Not sure if a bug - windows resizing is not working properly. When I open tbb and go to ipcheck.info my monitor screen sizes varies from 999 x 490 pixels and other variations of this instead of the default size intended for TBB.

works without problem on my

works without problem on my system: when I open ipcheck.info, I get 1000x600 pixels, which seems to be the intended value.

which operating system do you use?? maybe your window manager will mess up things...

I get--> Browser window

I get--> Browser window 1004 x 632 pixels (inner size)

on Windows.

The link

The link "https://weakdh.org/" is not working. I always get that "Problem loading page" thing...

The time: 14:30:00 UTC

now it works! I guess I was

now it works! I guess I was simply too impatient ::-)

ERROR: Not all signatures

ERROR: Not all signatures were verified

Is the signature's process during update not yet ready ?

What is broken in particular?

The error message during the

The error message during the update is scary:
Jun 17 20:55:54.000 [notice] New control connection opened from 127.0.0.1.
ERROR: Error verifying signature.
ERROR: Not all signatures were verified.
Jun 17 20:56:15.000 [notice] Owning controller connection has closed -- exiting now.

Did we install hacked software?

No, see:

No, see: https://bugs.torproject.org/15532 for the background of this issue.

Some files from

Some files from https://dist.torproject.org/torbrowser/4.5.2/ has 0 byte size

for example: tor-win32-0.2.6.9.zip, torbrowser-install-4.5.2_it.exe, TorBrowser-4.5.2-osx64_es-ES.dmg.asc and others.

This should be fixed now,

This should be fixed now, thanks for reporting.

What is the fix for Logjam,

What is the fix for Logjam, disabling DHE ciphers or requiring minimum bitness, and If bits, how many?

Disabling DHE ciphers is one

Disabling DHE ciphers is one option but Mozilla did not do this. Rather, the fix we backported bumped the minimum key size. It is now 1024 bits.

Ok, thanks :)

SHA256 checksum doesn't

SHA256 checksum doesn't verify

https://dist.torproject.org/torbrowser/4.5.2/sha256sums-unsigned-build…

2de1e369dea4b2c6a1192bad8b65e9cfb70ea2830ddb2ab0305be95cddbcda84 torbrowser-install-4.5.2_en-US.exe

As the name of the file

As the name of the file implies this is the checksum of the *unsigned* .exe. Have you stripped the authenticode signature first, before comparing the SHA 256 sums? See: https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerif…

SHA256 checksum doesn't

SHA256 checksum doesn't verify

My personal experience is if you are using Microsoft Windows OS, you could try installing gpg4win and use it to verify torbrowser-install-4.5.2_en-US.exe.asc against torbrowser-install-4.5.2_en-US.exe

gpg4win is available for free from: http://www.gpg4win.org/download.html

AVG attacks Torbrowser

AVG attacks Torbrowser durning installation. (4.5.2 WIN)

Hadn't happened here, with

Hadn't happened here, with AVG on my Windows.

Same. Tried installing it

Same. Tried installing it differently as well.

same. AVG detect Unknown

same. AVG detect Unknown Virus during installation / upgrade of 4.5.2
Win 7

AVG exactly found a threat

AVG exactly found a threat named "IDP Generic Whitelisted". If let it repaire it deletes the tor.exe. Or you should add to AVG exceptions. I`v controlled the fingerprint and it was OK, but i don`t want punch a hole on my firewall with the exception. Please help me find a solution.

Tor browser is often unable

Tor browser is often unable to connect to the Tor network or pages
do not load.It works well only in Linux.I am in Russia.Can somebody
help?

I've tried to download the

I've tried to download the italian version but it's 0 byte large.
Can you check and solve this problem?
Thanks.

This should be fixed now,

This should be fixed now, thanks for reporting this issue.

Tor had finally been working

Tor had finally been working well for commenting on political sites. I could get a new circuit quickly, which is necessary for sites that have blocked many of Tor exit IPs. It is necessary to try many IPs before a post can get through the site's block list.

Now it is frigged up again, since getting a "new circuit for this site" reloads the page. The process takes much longer. Why did you change what had worked well?

If you people have no conception of what it is like to try and use Tor for online commenting, what in heaven's name are you using Tor for? Pirating movies?

Maximizing the browser

Maximizing the browser window still does not work (4.5.2 WIN). The maximize window button does odd things: resulting window too high for screen, or window reduced to a bar. I'd like to start maximized. What can I do?

Are you sure you want to

Are you sure you want to maximize? Are you aware of the fingerprinting implications?

I have the same issue.

I have the same issue. Unable to expand the TOR browser window. (Version 4.5.2 Windows 8.1) I could not find any options to correct this problem. Please help.

Domain isolation still

Domain isolation still broken. Can't download anything from any file host tried. When will this be a toggle?

Could you give me steps to

Could you give me steps to reproduce your problem?

And on 4.5, only worked

And on 4.5, only worked sometimes or with a new circuit created manually.

Link gets deleted because

Link gets deleted because *obviously* it is evil. If repeat, look at end of ticket 15933, and just find any link to that site anywhere. Last worked on 4.5

tor-browser-linux32-4.5.2_en-

tor-browser-linux32-4.5.2_en-US does not work for me:

$ ./start-tor-browser
$ echo $?
126

Upcoming Events

August 08, 2019 - August 11, 2019

DEF CON (Las Vegas)

August 08, 2019 - August 15, 2019

BornHack (Funen, Denmark)

August 14, 2019 - August 16, 2019

USENIX (Santa Clara)

September 12, 2019 - September 13, 2019

APIdays.io (Barcelona)

See All Upcoming Events

Recent Updates

New Release: Tor Browser 9.0a4

Tor Browser 9.0a4 is now available from the Tor Browser Alpha download page and also from our

New Release: Tor Browser 8.5.4

Tor Browser 8.5.4 is now available from the Tor Browser Download page and also from our

New alpha release: Tor 0.4.1.3-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.1.3-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the next couple of weeks.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.4.1.3-alpha resolves numerous bugs left over from the previous alpha, most of them from earlier release series.

Changes in version 0.4.1.3-alpha - 2019-06-25

Major bugfixes (Onion service reachability):
- Properly clean up the introduction point map when circuits change purpose from onion service circuits to pathbias, measurement, or other circuit types. This should fix some service-side instances of introduction point failure. Fixes bug 29034; bugfix on 0.3.2.1-alpha.
Minor features (geoip):
- Update geoip and geoip6 to the June 10 2019 Maxmind GeoLite2 Country database. Closes ticket 30852.

Tor's New Anti-Censorship Team: Defending The Open Internet

Photo by John Matychuk on Unsplash