New Release: Tor Browser 10.0.12

by sysrqb | February 23, 2021

Tor Browser 10.0.12 is now available from the Tor Browser download page and also from our distribution directory.

This version updates Desktop Firefox to 78.8.0esr and Android Firefox to 86.1.0. In addition, Tor Browser 10.0.12 updates NoScript to 11.2.2, Openssl to 1.1.1j, and Tor to 0.4.5.6. This version includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.

The full changelog since Desktop and Android Tor Browser 10.0.11 is:

  • All Platforms
    • Update NoScript to 11.2.2
    • Update Openssl to 1.1.1j
    • Update Tor to 0.4.5.6
  • Windows + OS X + Linux
    • Update Firefox to 78.8.0esr
    • Bug 40026: Create survey banner on about:tor for desktop
    • Bug 40287: Switch DDG search from POST to GET
  • Android
    • Update Firefox to 86.1.0
    • Bug 40138: Create survey banner on about:tor for Android
    • Bug 40144: Hide Download Manager
    • Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware
    • Bug 40188: Build and ship snowflake only if it is enabled
    • Bug 40309: Avoid using regional OS locales
    • Bug 40344: Set privacy.window.name.update.enabled=false
  • Build System
    • Android
      • Bug 40214: Update AMO Collection URL
      • Bug 40217: Update components for switch to mozilla86-based Fenix
Tags
tor browser
tbb
tbb-10.0
Jason

Anonymous (not verified) said:

February 23, 2021

Permalink

> Update Openssl to 1.1.1j

If a Linux distro's repository packages an older version, which one will Tor Browser use?

Jason

Anonymous (not verified) said:

February 23, 2021

Permalink

Switching DuckDuckGo from POST to GET unfortunately doesn't solve DDG recently not rendering on safest security level.

Jason

Anon12345 (not verified) said:

February 23, 2021

Permalink

DuckDuckGo, DuckDuckGo onion and Startpage searches no longer load when the safety slider is set on Safest. It loads when set on Safer.

This issue was intermittent with the previous version (10.0.10) but it appears not loading at all now.

Jason

Anonymous (not verified) said:

February 23, 2021

Permalink

Survey page has expired. I took too long writing everything, and the website lost all of it. I hope my many paragraphs you weren't able to receive helped you a ton!! I won't be writing it again.

Jason

Frequent Searcher (not verified) said:

February 23, 2021

Permalink

Thanks for your great work!

"Bug 40287: Switch DDG search from POST to GET": since this is not really a bug, but a change in a user preference setting, I personally do prefer POST much more. Perhaps this setting can be offered on the "Preferences/Search" tab...

Until then, what TorBrowser search file(s) can I tweak to revert my DDG searches back to the POST method? At least for the search bar.

Appreciate any info or link.
Thanks.

Jason

info (not verified) said:

February 24, 2021

Permalink

This update: 10.0.12 is causing very high CPU usage on the Mac, compared to the previous version. Please fix this.

Jason

Jack (not verified) said:

February 24, 2021

Permalink

DDG search becomes problematic for me . Someone asked for this change, to be able to return to the page that contains search results. By pressing [back] button. It's fine. But I don't want my search keywords to be visible in url . Isn't post always safer when it comes to handling form data ? Am I missing anything ?

> Isn't post always safer when it comes to handling form data?

No. The GET method does not significantly increase privacy. Read here:
https://blog.torproject.org/comment/290937#comment-290937

The significance of visibility of keywords in URLs is higher in your web browser than when the message data is in transit or on the server. Furthermore, most people don't save bookmarks, so the URLs in their browser session would be displayed on screen at the same time as the page contents would be. In that case, the page contents and the hostname are significantly more sensitive than keywords appended at the end of the URL, but neither the page contents nor the hostname are hidden by the POST or GET methods. People who do save bookmarks are assumed to understand the risks of saving their browsing history to disk and how to edit the bookmarks to remove keywords.

Jason

Anonymous (not verified) said:

February 24, 2021

Permalink

Tor Project, ask your outreach team to consider putting out a call on social media for translators for Myanmar (Burmese language). They are protesting a military coup and could use Tor. In the message, translate the keywords into Burmese that Burmese speakers are most likely to stumble upon. Link to here: https://community.torproject.org/localization/ Include the most common hashtag, #WhatsHappeningInMyanmar

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our support portal or ways to get in touch with us.

About text formats
CAPTCHA

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

3 + 2 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.