New Alpha Release: Tor Browser 15.0a1

Tor Browser 15.0a1 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

It's ESR transition season again!

Once again, it is the time of year where the Applications Team (mostly) de-prioritises feature-work and instead focuses on updating Tor Browser and Tor Browser for Android to the latest and greatest version of Firefox ESR (Extended Support Release) . For a general overview of this process, please do see our 14.0a1 release post from last year.

Fortunately, we're in a much better place than we were this time last year. Following lessons learned from last year, we have again performed and reviewed iterative rebases from Firefox 128 up to Firefox 140 and finally onto Firefox ESR 140. Tor Browser 15.0a1 is available for all our supported platforms (Windows, macOS, Linux, and Android) unlike last year where we had to delay our Android release.

We have also completed our annual Bugzilla Triage and have flagged for further review myriad issues resolved upstream by Mozilla over the past year. These are issues which may have privacy or security implications if they were to be shipped in Tor Browser, or they may simply be somehow interesting to us and warrant further attention. The bulk of the remaining work for us this release cycle is to review the remainder of these issues, develop any necessary patches needed to fix any found problems, and to fix any other bugs we find.

Challenges and Triumphs

Android build-reproducibility Issues

Every major rebase typically introduces a few difficulties around build-reproducibility. This major rebase was no exception and we had to resolve some problems with our Tor Browser Android build-system. For now the solution seems to be to disable compiler optimisations for the affected modules. You can read more about this in tor-browser-build#41495.

Android APKs too big

The Google Play Store has a strict size limit of about 100 megabytes for Android applications. Left to its own devices, software also seems to have a tendency to grow, so we have to do some digging and carve out some space to hit our size budget. Fortunately, this time around it was a relatively simple matter of modifying some compiler flags. You can read more about this in tor-browser-build#41500.

Upstream source migrations

Historically, Mozilla has used Mercurial internally for its source control and then mirrored this repository to a GitHub project called gecko-dev. Mozilla decided recently to change this mirroring to a GitHub project called firefox. Unfortunately, these two git repositories share no common history which means our own Tor Browser forks nearly doubled in size which has caused some headaches for both our developers (who have had to deal with downloading/uploading gigabytes of commit history when pulling/pushing branches) and our system administrators (who have had to handle this unplanned scaling). One nice side-effect of all of this at least is that we no longer have to tag Firefox commits ourselves. You can read more about this in tpo/tpa/team#42129.

Current Status

We have:

• rebased Tor Browser and Tor Browser for Android to Firefox ESR 140 from Firefox ESR 128
• updated the build systems with the latest dependencies and fixed a few reproducibility issues
• triaged all of the upstream changes from the past year and flagged over 170 issues for further review
• resolved 17 of these triaged issue

For the remainder of this release cycle, we will be focusing on auditing these issues and fixing bugs until the 15.0 alpha series is ready to become Tor Browser Stable 15.0.

Known Issues

Source Archive Reproducibility

We publish a source archive with each our releases (e.g. src-firefox-tor-browser-140.1.0esr-15.0-1-build3.tar.xz). These contain all of the code and assets used to build the browser portion of Tor Browser (i.e. excluding tor and the pluggable-transports). One would think that such data should be trivially deterministic, but this is sometimes not the case. For example, during the Tor Browser 13.0 release cycle, we had a similar issue with generated headers on Windows.

This time around, the git archive process used to generate these source archives is generating a different .git-archive.txt metadata file in one of the browser's vendored dependencies. This file has no effect on the build process (which we can concretely know since the generated binaries users actually download and run are identical), so this non-determinism did not block this release. This issue is being tracked in tor-browser-build#41528.

Send us your feedback

Now is a great time to become an alpha tester! If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 14.5a6 is:

• All Platforms
  • Updated NoScript to 13.0.8
  • Updated OpenSSL to 3.5.1
  • Bug tor-browser#43397: Click to play should override "Any capability blocked in the top document must be blocked in its subdocuments too"
  • Bug tor-browser#43772: Do not use official branding for BB/TB/MB
  • Bug tor-browser#43783: Tighten up the SecurityLevel module to enforce new UX flow
  • Bug tor-browser#43784: Get confirmation from NoScript that settings are applied
  • Bug tor-browser#43853: DomainFrontedRequests: setData is no longer a function
  • Bug tor-browser#43880: Update moat's domain front url
  • Bug tor-browser#43993: Backport Security Fixes from Firefox 141
  • Bug tor-browser#44000: Rebase Tor Browse Alpha onto 140.1.0esr
  • Bug tor-browser-build#41502: Application services build is failing on isNetworkAllowed()
  • Bug tor-browser-build#41508: Switch built-in meek bridge to meek-unredacted
  • Bug tor-browser-build#41515: Bump version of Conjure to include P173 improvements
• Windows + macOS + Linux
  • Updated Firefox to 140.1.0esr
  • Bug tor-browser#42738: Tidy up the commit structure for browser updates UI
  • Bug tor-browser#43590: Move letterboxing rules out of browser/base/content/browser.css
  • Bug tor-browser#43610: Use newer CSS variable names for ESR 140
  • Bug tor-browser#43629: All migrations in _migrateUIBB are run for new profiles
  • Bug tor-browser#43635: Console noise due to the x-load capability not being localized
  • Bug tor-browser#43638: Fix up our <command> elements
  • Bug tor-browser#43765: Temporarily disable Lox
  • Bug tor-browser#43766: Only save the relevant TorSettings changes to preferences.
  • Bug tor-browser#43776: Set branding files for l10n merging
  • Bug tor-browser#43782: Add new UX flow for changing security level (Desktop)
  • Bug tor-browser#43879: tor-branding.css declarations are overwritten
  • Bug tor-browser#43886: Fix new tab for ESR 140
  • Bug tor-browser#43905: base-browser.ftl missing from about:addons
  • Bug tor-browser#43906: Extension.sys.mjs change in the wrong commit
  • Bug tor-browser#43913: Bizarre right-clicking issues: menu items blanked out and/or not working; too many items in the right-click menu; different right-clicking menu displayed initially for links
  • Bug tor-browser#43929: two about:tor pages opened after update
  • Bug tor-browser#43930: Onionize toggle not centre aligned in about:tor
  • Bug tor-browser#43947: Console error from ContentBlockingPrefs.init
  • Bug tor-browser#43989: Switch off AI chatbot preference
• Android
  • Updated GeckoView to 140.1.0esr
  • Bug tor-browser#43577: Flush settings fails on Android
  • Bug tor-browser#43786: Add new UX flow for changing security level (Android)
  • Bug tor-browser#43855: brand.properties merging on Android is broken in 140
  • Bug tor-browser#44029: Search/url bar doesn't work on android after ESR 140
  • Bug tor-browser#44036: Crash on opening "Search Settings" on android
  • Bug tor-browser-build#41494: Update GeckoView build scripts for ESR140
• Build System
  • All Platforms
    • Bug tor-browser#43615: Add Gitlab Issue and Merge request templates
    • Bug tor-browser#43616: Customize Gitlab Issue and Merge templates
    • Bug tor-browser#43777: Disable ./mach telemetry
    • Bug tor-browser#43891: Update the translation CI to use the new mozilla versions
    • Bug tor-browser#43954: Update tb-dev to handle lightweight tags
    • Bug tor-browser#43962: update tb-dev auto-fixup for git 2.50
    • Bug tor-browser-build#34434: Remove unused variables from rbm.conf
    • Bug tor-browser-build#40994: Add support in do-all-signing to sign release for some archs only
    • Bug tor-browser-build#41227: Update projects/common/list_toolchain_updates-common-firefox-geckoview to include check for binutils
    • Bug tor-browser-build#41432: Bump OpenSSL to >= 3.5.0
    • Bug tor-browser-build#41434: Go updates shouldn't target all platforms until macOS is on legacy in the changelogs
    • Bug tor-browser-build#41435: Skip update-responses update entries for versions without incremental or full update mar
    • Bug tor-browser-build#41444: Build artifacts to support artifact builds of Tor/Muillvad/Base Browser
    • Bug tor-browser-build#41448: Update toolchains for Firefox ESR 140
    • Bug tor-browser-build#41449: Add prefix to update-responses xml files
    • Bug tor-browser-build#41451: When update-responses contains multiple versions, .htaccess only has one no-update.xml redirect
    • Bug tor-browser-build#41459: Update taskcluster/ci paths in README and comments
    • Bug tor-browser-build#41460: Add brizental to the list of people who can sign Tor Browser and Mullvad Browser tags
    • Bug tor-browser-build#41465: Disable development artifacts generation by default, keep it enabled for nightly builds
    • Bug tor-browser-build#41467: Remove list_toolchain_updates-firefox-android from Makefile
    • Bug tor-browser-build#41477: Update keyring/boklm.gpg for new subkeys (2025)
    • Bug tor-browser-build#41478: Add vim and others missing basic tools to base container image
    • Bug tor-browser-build#41486: Track bundletool and osslicenses-plugin versions in list_toolchain_updates_checks
    • Bug tor-browser-build#41496: Clean up unused projects
    • Bug tor-browser-build#41498: Update keyring/morgan.gpg with updated public key
    • Bug tor-browser-build#41501: cargo_vendor generated archive maintains timestamps
    • Bug tor-browser-build#41514: Remove var/build_go_lib from projects/go/config
    • Bug rbm#40084: Always use bash for the debug terminal
  • Windows + macOS + Linux
    • Bug tor-browser-build#41452: Skip update-responses xml files for versions which don't have incrementals
    • Bug tor-browser-build#41457: Set mar IDs as env variables in tor-browser-build
  • Windows + Linux + Android
    • Updated Go to 1.23.11
  • macOS
    • Bug tor-browser-build#41503: Error 403 when downloading macOS SDK
  • Linux
    • Bug tor-browser-build#41458: Ship geckodriver only on Linux
    • Bug tor-browser-build#41488: Disable sys/random.h for Node.js
  • Android
    • Bug tor-browser#43984: Update android build scripts and docs for ESR 140
    • Bug tor-browser#43987: 140 Android is not reproducible
    • Bug tor-browser-build#41280: download-android-<arch>.json does not get updated for android-only releases
    • Bug tor-browser-build#41453: Update application-services and uniffi-rs for ESR140
    • Bug tor-browser-build#41483: geckoview_example-withGeckoBinaries-....apk doesn't exist anymore in Firefox 140
    • Bug tor-browser-build#41484: Create a fork of application-services
    • Bug tor-browser-build#41499: Android nightly builds are broken
    • Bug tor-browser-build#41500: Optimize tor and its dependencies for size on Android
    • Bug tor-browser-build#41506: Use appilcation-services branch for nightlies builds
    • Bug tor-browser-build#41507: Single-arch build fails because artifacts don't have arch subdirectories