New Release: Tor Browser 8.0.4
This release features important security updates to Firefox.
Tor Browser 8.0.4 contains updates to Tor (0.3.4.9), OpenSSL (1.0.2q) and other bundle components. Additionally, we backported a number of patches from our alpha series where they got some baking time. The most important ones are
- a defense against protocol handler enumeration which should enhance our fingerprinting resistance,
- enabling Stylo for macOS users by bypassing a reproducibility issue caused by Rust compilation and
- setting back the sandboxing level to 5 on Windows (the Firefox default), after working around some Tor Launcher interference causing a broken Tor Browser experience.
Moreover, we ship an updated donation banner for our year-end donation campaign.
The full changelog since Tor Browser 8.0.3 is:
- All platforms
- Update Firefox to 60.4.0esr
- Update Tor to 0.3.4.9
- Update OpenSSL to 1.0.2q
- Update Torbutton to 2.0.9
- Update HTTPS Everywhere to 2018.10.31
- Update NoScript to 10.2.0
- Bug 1623: Block protocol handler enumeration (backport of fix for #680300)
- Bug 25794: Disable pointer events
- Bug 28608: Disable background HTTP response throttling
- Bug 28185: Add smallerRichard to Tor Browser
- OS X
- Build System
- All Platforms
- Bug 27218: Generate multiple Tor Browser bundles in parallel
- All Platforms
It would be nice to end this problem of every time I start Microsoft Windows 7 again, connect using OpenVPN (doesn't matter the service provider, happens with all) I always get, the first time I try to connect, the error window explaining that TorBrowser is not properly protecting the session. The only way to bypass the error is to close, and execute TorBrowser all over again. The second time I can always connect without problems.
This is happening at least since these new 8 version based on Firefox 60, in previous version I never had any problem.
I've read the same problem from other users in the past here in the Blog so I'm sure I'm not the only one having these problem.
But I don't know it they were connecting to normal Internet or to a OpenVPN service provider first like I'm doing it, to conceal the use of TorBrowser/ Onion use from the ISP (they don't have any problem with the use of ONION, they don't attempt to block it, but one can only guess that should the local government changes their mind in the future I would be immediately in their gray/ red/ black list for using Onion network).