New Release: Tor Browser 8.0.5

Tor Browser 8.0.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This new release updates Firefox to 60.5.0esr and Tor to the first stable release in the 0.3.5 series, 0.3.5.7.

It contains a number of backports from the alpha series, most notably the proper first-party isolation of range requests when loading PDF documents.

We also updated NoScript and HTTPS Everywhere to their latest versions and removed our donation campaign related code.

The full changelog since Tor Browser 8.0.4 is:

  • All platforms
    • Update Firefox to 60.5.0esr
    • Update Tor to 0.3.5.7
    • Update Torbutton to 2.0.10
      • Bug 29035: Clean up our donation campaign and add newsletter sign-up link
      • Bug 27175: Add pref to allow users to persist custom noscript settings
    • Update HTTPS Everywhere to 2019.1.7
    • Update NoScript to 10.2.1
      • Bug 28873: Cascading of permissions is broken
      • Bug 28720: Some videos are blocked outright on higher security levels
    • Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading
    • Bug 28740: Adapt Windows navigator.platform value on 64-bit systems
    • Bug 28695: Set default security.pki.name_matching_mode to enforce (3)
Anonymous

January 31, 2019

Permalink

https://www.whoishostingthis.com/tools/user-agent/ reports different values for "screen resolution" and "browser window size" (e.g. 1000x700 and 989x700, respectively). I did not resize the browser window prior to this.

My guess is that it's because of the scrollbar, meaning that the website can detect the width of user's scroll bar. This width might be different on different systems, graphical toolkits, desktop environments, etc., increasing the fingerprint.

Anonymous

January 31, 2019

Permalink

Ooops!

No 'Site Identity button' on the left side of the URL bar and nothing in 'customize' either. I haven't seen it it the last few iterations of the TBB and I thus thought it had been eliminated.

Please help...

Anonymous

February 01, 2019

Permalink

I recently updated from Tor 8.0.4 to 8.0.5 and can no longer add or delete bookmarks. I have been unable to restore html format or backups or json format bookmarks. This seems to be a bug in the 8.0.5 update.

Anonymous

February 02, 2019

Permalink

Tor doesn't start after pressing 'Restart Tor' button on Windows (no AV/FW, just Tor Launcher bug):

[02-02 11:32:32] TorLauncher NOTE: _startTor error: [scrubbed]
[02-02 11:32:39] TorLauncher NOTE: failed to open authenticated connection: [scrubbed]
[02-02 11:34:48] TorLauncher NOTE: Event monitor read error [scrubbed]
[02-02 11:34:48] TorLauncher NOTE: Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team.

Restarting Tor will not close your browser tabs.
[02-02 11:34:54] TorLauncher NOTE: failed to open authenticated connection: [scrubbed]

I tried that but Tor still gets restarted and boostraps correctly. Here is what I did:

1) I launched Tor Browser
2) During the bootstrap process I clicked on "Cancel" to halt it and to have time to kill the Tor process
3) I killed the process and the restart button appeared
4) I clicked the button and Tor bootstrapped properly after a while.

Anonymous

February 02, 2019

Permalink

I get an error message. The site doesn't allow me to view it. (purplebricks.ca). What is the use of your browner if sites don't allow me to view them?

If sites don't allow access with Tor there is not much we can do besides asking/pressuring them in doing so, alas. But you can use Tor Browser for getting its privacy and security features on sites that *do* allow it. And those are the vast majority on the web.

And if you really really need to visit that particular site, you might consider buying a Raspberry Pi, a very inexpensive computer (the size of a package of cigarettes) which doesn't work with Tor but can be used to surf to the few places where Tor can't take you. You ISP and all the spooks will know where you surf with the Pi, but if you don't use it too much it might be safe.

Anonymous

February 03, 2019

Permalink

Why is the default for NoScript allowing all options?.. that's now more relaxed than trusted!!
Switching from off by default to on by default is dangerous.. and resets to that each time tor is started; surely this is not intentional by those with Tor's core interest at heart.
=> Linux: Tor 8.0.5 + NoScript 10.2.1 => Tools.Add-ons.NoScript[Preferences]

Anonymous

February 03, 2019

Permalink

HTTPSE doesn't update its rulesets during update. Now it is of version 2019.1.7, but rulesets are from 2018.9.19.

How do you check that the rulesets are not updated during the browser update? The UI in HTTPS-Everywhere seems only to indicate when the last update via the HTTPS-Everywhere *built-in* functionality happened. At least that's how I would read it.

If you mean "how to disable javascript in Tor Browser", left click on the onion icon (top left corner of TorBrowser window), choose "Security Settings", then choose "Safest".

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

2 + 6 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.