New Release: Tor Browser 10.0.5

Updated on 27 November 2020: Android Tor Browser 10.0.5 is now available. (Originally published on 17 November)

Tor Browser 10.0.5 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox on desktops to 78.5.0esr, Fenix on Android to 83.1.0 and updates Tor to 0.4.4.6. This release includes important security updates to Desktop Firefox, and important security updates to Android Firefox.

Note: Android Tor Browser 10.0.5 is delayed until next week. In the future, new Tor Browser versions for Android and Desktop should be published at the same time.

The full changelog since Tor Browser 10.0.4 (Desktop) is:

  • Windows + OS X + Linux
    • Update Firefox to 78.5.0esr
    • Update Tor to 0.4.4.6
    • Bug 40212: Add new default obfs4 bridge

The full changelog since Tor Browser 10.0.4 (Android) is:

  • Android
    • Update Fenix to 83.1.0
    • Update Tor to 0.4.4.6
    • Bug 40212: Add new default obfs4 bridge
  • Build System
    • Android
      • Bug 40126: Update toolchains for Fenix 83
      • Bug 40126: Bump Node to 10.22.1 for mozilla83
      • Bug 40127: Update GeckoView to 83, android-components to 63.0.1, and Fenix to 83.0.0b2
      • Bug 40160: Update Fenix to 83.1.0, and android-components to 63.0.9
      • Bug 40211: Lower required build-tools version to 29.0.2
Anonymous

November 28, 2020

Permalink

it is impossible to download 10.0.5 for android from this site by using the previous android version of Tor browser.

Anonymous

November 29, 2020

Permalink

in about:config
set extensions.torbutton.resize_new_windows to false,
but after restart torbrowser this setting again TRUE
this happens every time, every time you start torbrowser.
why is it so? maybe bug?

Anonymous

December 01, 2020

Permalink

Gah. Your tab just crashed.
We can help!

Choose Restore This Tab to reload the page.

MacBook Pro 2020 M1 please fix

Anonymous

December 02, 2020

Permalink

I am on Android. For some reason the auto updates enabled it self or idk maybe I had them enabled and tor updated to 10.0.5. The interface is ok. But when I went to bookmarks they were all changed. Before, they were in chronological order, so that the first I saved were at the top and the newer ones at the bottom. But it seems like, when it was importing them, it did not follow any order, because now the bookmarks are randomized. Some that were at the top are now at the bottom and vice versa. They are not even in alphabetical order. I cannot find anythjng because of this. I also cannot fix it because in Android I cannot change the bookmark's place (In PC I can just drag and drop it to a new location, but holding them on android just "selects" them and the only option is delete). Maybe you should add an option to change bookmarks' place/location so I (and other people who might have had the same problem) can fix it. Maybe some kind of slider/button at one side that you can hold then drag to move the location.

Anonymous

December 02, 2020

Permalink

Hi, Tor Browser Guys,

I just wanted to tell you that I needed to downgrade Tor Browser to a pre-10.0 version because on my Android (8.0) smartphone it still is not possible to do about:config!!

For me, since about Tor Browser version 10, there are three fatal errors, every single one of them knocking out my acceptance to this app:

  1. about:config is no more possible. Writing this into the address line does not lead to the configuration.
    You got an extensive email about this by me.
    You did not resolve this error.
  2. The user does not have any choice about the cookie behaviour of the browser.
  3. The import button of the noscript add-on does not work at all!
    (Test: Do some noscript configuration with site-specific settings. Export it to a file. Do completely different settings. Import the saved setting. Nothing is changed.)

Starting with about 10.0.2 this is the worst Tor Browser.
Sorry to tell.

Hello,

For (1), Mozilla is tracking that in https://github.com/mozilla-mobile/fenix/issues/7865
For (2), correct, adjusting the cookie settings was not recommend in the previous version and it is not recommended on desktop. Our only goal was providing the same supported functionality from Tor Browser 9.5.4 and Tor Browser 10.0.3. Tor Browser does not accept third-party cookies, but it saves first-party cookies within a session. Currently there is not a way to disable first-party cookies, however they are deleted when you quit the app.
For (3), thanks for reporting this. We will investigate this. https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/402…

About your number 3, in case you didn't know, NoScript permissions are reset every time you change the security level. If you import permissions and then change your security level, the permissions will be deleted anyway unless you select "Override Tor Browser's Security Level preset" in NoScript's options. Be cautious about that option because customized permissions can be observed making uniquely identifiable connection patterns and can therefore de-anonymize your activity.

https://2019.www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
https://support.torproject.org/tbb/tbb-14/

Anonymous

December 04, 2020

Permalink

Firstly, thank you for Tor Browser! You developer guys are doing a wonderful job.

Re: your reply to a commenter above - "Yes, all updates are downloaded automatically and the update process is completed on the next start of the browser, only if the download completed successfully before you quit the browser during the previous session.|" (my emphasis) - so, a suggestion - perhaps when a user clicks on the 'close' button to terminate Tor Browser, but there is in fact an update downloading in the background at that moment, you could implement a pop-up message informing the user that Tor Browser is in the process of updating, and saying something like "an update is downloading right now. Are you sure you want to close Tor Browser, or would you rather wait until the update download is complete?".

Tor Browser weighs in at around 90MB, which may seem like nothing to those with unlimited bandwidth, but is a significant amount of data to those with limited (and costly) monthly data allowances.

Keep up the good work. The world needs you. ... (Just one thing, though; is there no way to detect and do something about these "exit nodes operated by bad guys" one reads about?

The update process came with the source code from Firefox. It's developed by Mozilla. Tor Project basically modifies the links and the files for Tor Browser's updates instead. You should write that suggestion on Mozilla's bug tracker.

There are ways to detect malicious exit nodes and ways to report them.[1][2] Over the years, many malicious or outdated relays have been discovered and ostracized.[3][4][5][6][7][8]

Anonymous

December 05, 2020

Permalink

I just started using the Android version after buying my first smartphone. Despite the UI regressions in Fenix, you've still overcome and made a solid product. I really appreciate the work y'all do.

Anonymous

December 08, 2020

Permalink

I don't know whether this will be answered, let alone seen (since The Tor Blog often stops at a certain point from approving comment submissions), but here goes:

Why are these links seen as not secure, and when I click on the padlock icon with a red slash through the padlock, there is no information about Tor nodes? Links which begin like these:

data:image/png;base64

Boggles my mind.

Anonymous

December 08, 2020

Permalink

From closed "New Release: Tor Browser 10.5a4"
https://blog.torproject.org/comment/290611#comment-290611
">Don't mix foreign webstorage with browser configs!
That was a decision made for Firefox, please contact them."

Great)-:.
From my own experience it's bound to fail -sorry.
You have more influence to convice Mozilla to do not
so obvious illogical things. Wrong doing against browser/Firefox/Torbrowser security.
So much discussions about convenience but for such a thing -mix foreign data with browser config!- there's only silence. Ehm.... .

If Mozilla want's to be trusted, it's Mozillas job to explain why it's a good idea to mix
foreign webstorage with browser configs. Logically explaining.

Anonymous

December 09, 2020

Permalink

Hi, there is a new version of openssl out, fixing a security issue. For next Tor release I think better update.