New Release: Tor Browser 8.0.5

Tor Browser 8.0.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This new release updates Firefox to 60.5.0esr and Tor to the first stable release in the 0.3.5 series, 0.3.5.7.

It contains a number of backports from the alpha series, most notably the proper first-party isolation of range requests when loading PDF documents.

We also updated NoScript and HTTPS Everywhere to their latest versions and removed our donation campaign related code.

The full changelog since Tor Browser 8.0.4 is:

  • All platforms
    • Update Firefox to 60.5.0esr
    • Update Tor to 0.3.5.7
    • Update Torbutton to 2.0.10
      • Bug 29035: Clean up our donation campaign and add newsletter sign-up link
      • Bug 27175: Add pref to allow users to persist custom noscript settings
    • Update HTTPS Everywhere to 2019.1.7
    • Update NoScript to 10.2.1
      • Bug 28873: Cascading of permissions is broken
      • Bug 28720: Some videos are blocked outright on higher security levels
    • Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading
    • Bug 28740: Adapt Windows navigator.platform value on 64-bit systems
    • Bug 28695: Set default security.pki.name_matching_mode to enforce (3)
khled.8@hotmai.com

January 31, 2019

Permalink

https://www.whoishostingthis.com/tools/user-agent/ reports different values for "screen resolution" and "browser window size" (e.g. 1000x700 and 989x700, respectively). I did not resize the browser window prior to this.

My guess is that it's because of the scrollbar, meaning that the website can detect the width of user's scroll bar. This width might be different on different systems, graphical toolkits, desktop environments, etc., increasing the fingerprint.

khled.8@hotmai.com

January 31, 2019

Permalink

Ooops!

No 'Site Identity button' on the left side of the URL bar and nothing in 'customize' either. I haven't seen it it the last few iterations of the TBB and I thus thought it had been eliminated.

Please help...

khled.8@hotmai.com

February 01, 2019

Permalink

I recently updated from Tor 8.0.4 to 8.0.5 and can no longer add or delete bookmarks. I have been unable to restore html format or backups or json format bookmarks. This seems to be a bug in the 8.0.5 update.

khled.8@hotmai.com

February 02, 2019

Permalink

Tor doesn't start after pressing 'Restart Tor' button on Windows (no AV/FW, just Tor Launcher bug):

[02-02 11:32:32] TorLauncher NOTE: _startTor error: [scrubbed]
[02-02 11:32:39] TorLauncher NOTE: failed to open authenticated connection: [scrubbed]
[02-02 11:34:48] TorLauncher NOTE: Event monitor read error [scrubbed]
[02-02 11:34:48] TorLauncher NOTE: Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team.

Restarting Tor will not close your browser tabs.
[02-02 11:34:54] TorLauncher NOTE: failed to open authenticated connection: [scrubbed]

How can I reproduce this bug? On which platform does this happen?

Kill tor.exe while Tor Launcher is starting Tor Browser.

on Windows

I tried that but Tor still gets restarted and boostraps correctly. Here is what I did:

1) I launched Tor Browser
2) During the bootstrap process I clicked on "Cancel" to halt it and to have time to kill the Tor process
3) I killed the process and the restart button appeared
4) I clicked the button and Tor bootstrapped properly after a while.

If you can't kill tor during tbb launch, try:
kill tor after tbb launch,
small window will appear with restart/OK, press restart and
during restart tor press Cancel,
kill tor again,
then press restart tor in a big window.

I get an error message. The site doesn't allow me to view it. (purplebricks.ca). What is the use of your browner if sites don't allow me to view them?

If sites don't allow access with Tor there is not much we can do besides asking/pressuring them in doing so, alas. But you can use Tor Browser for getting its privacy and security features on sites that *do* allow it. And those are the vast majority on the web.

And if you really really need to visit that particular site, you might consider buying a Raspberry Pi, a very inexpensive computer (the size of a package of cigarettes) which doesn't work with Tor but can be used to surf to the few places where Tor can't take you. You ISP and all the spooks will know where you surf with the Pi, but if you don't use it too much it might be safe.

Why is the default for NoScript allowing all options?.. that's now more relaxed than trusted!!
Switching from off by default to on by default is dangerous.. and resets to that each time tor is started; surely this is not intentional by those with Tor's core interest at heart.
=> Linux: Tor 8.0.5 + NoScript 10.2.1 => Tools.Add-ons.NoScript[Preferences]

Good!

HTTPSE doesn't update its rulesets during update. Now it is of version 2019.1.7, but rulesets are from 2018.9.19.

But your rulesets should get updated automatically between the HTTPS-Everywhere updates we ship and you get via the extension update channel, no? How can I reproduce your issue?

It was an outdated Tor Browser 8.0.1 which updated automatically except rulesets.

Do you get ruleset updates later on, when you restart the browser? Or the next ruleset update check happens?

No. It doesn't depend on restarts or add-ons' updates. You even can't force it to update. But, yes, I got rulesets updates the next time its check happened.

How do you check that the rulesets are not updated during the browser update? The UI in HTTPS-Everywhere seems only to indicate when the last update via the HTTPS-Everywhere *built-in* functionality happened. At least that's how I would read it.

Press HTTPSE icon, no? It shows Version and Rulesets version for EFF.

https://github.com/TheTorProject/gettorbrowser/
Is still at version 8.0.2.
Please update.
It is safer to have multiple download links up.
Care more about humans living in bad countries.
Thanks.

Yes, we are aware of that shortcoming and are working on that. Stay tuned and sorry for the inconvenience of an update to the latest version after having downloaded this outdated one.

how disable java in tor

If you mean "how to disable javascript in Tor Browser", left click on the onion icon (top left corner of TorBrowser window), choose "Security Settings", then choose "Safest".

Tor is compromised without blocking scripts. Default safe, not vulnerable?

Iam new here please help me how to use tor browser

The down side of using tor ~" No adblocker"

The Torproject should create a website that displays websites that block the Tor browser.

As an example Tunnblick was intially blocked and was not aware their ISP blocked Tor. Other sites like https://www.kbb.com "kelly bluebook" and https://www.lifewire.com/ "electornic magaizine block Tor but I cannot see a reason why.

NOT WORK, NOT JOB!
Win 10, 7 64x
804, 805

803 Good.

It would be helpful if you could be a bit more specific in your error report. What does not work? What did you do and what happened. Is that reproducible on your system?

TBB needs update?