New Release: Tor Browser 8.0.8

Tor Browser 8.0.8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

The main change in this new release is the update of Firefox to 60.6.1esr, fixing bugs found during the Pwn2Own contest.

The full changelog since Tor Browser 8.0.7 is:

  • All platforms
    • Update Firefox to 60.6.1esr
    • Update NoScript to 10.2.4
      • Bug 29733: Work around Mozilla's bug 1532530

No. We are currently testing the new OpenSSL version in the alpha series. The main reason this got not included immediately in stable is that the fixed issues in OpenSSL are not affecting Tor.

khled.8@hotmai.com

April 23, 2019

In reply to by Anonymous (not verified)

Permalink

Yes

Every time i start Tor it just says its waiting for Tor to start but after a few minutes it says it cant connect to the Tor control port. I have this issue since a few days ago. Anybody knows whats going on? What can i do?

Do you have some other Tor process still running in the background or some other process that is blocking the connection to the control port?

Have you blocked many nodes/countries on config file? Are you using any bridges?

I got a similar problem. Since the weekend it takes much longer then normal to connect to the Tor-Network. If the browser finally is connected, it takes forever to download a website. I didn't changed a bit on my system. So whats the problem?

@Hansi
Your problem might not be the same. Yours sounds more like traffic congestion on your first node (your guard or bridge). In the address bar, click the (i) or padlock to see your circuit of three nodes. See if Relay Search says anything. https://metrics.torproject.org/rs.html

Also having trouble. Not in EU but my guard is. Article 13 strikes Tor?

I'm moving the entire internet to Tor. I don't work on Sunday's but I'll start my duty on Monday morning.

neat! thanks for all the hardwork, Tor team!

Internet Download Manager causes TOR not to boot........

why is tor broken

Could you please provide more information about the issue you're experiencing? What is the specific problem you're running into? What actions did you complete before the issue occurred? Are you using Tor Browser for desktop, or are you using Tor Browser for Android? Do you see any error messages?

Just updated Tor. I use DuckDuckGo within Tor. With update, every web search requires a Noscript verification for trust. Is that expected or did the Noscript update that came with the Tor update automatically set that? I didn’t use to get that previously.

This is not expected. I opened a ticket for this issue:
https://trac.torproject.org/projects/tor/ticket/29872

thanks

gk

March 25, 2019

In reply to by Winters is coming (not verified)

Permalink

Should be fixed after you update NoScript in your Tor Browser.

First off, thanks for the great work that enables people around the world to evade censorship and surveillance.

Now, a question: is it possible to permanently disable or block NoScript's XSS warnings by default?

You could disable that by disabling the XSS feature in NoScript's settings.

That did the trick. Thanks.

ok gooood

How to download this browser ?

boklm & gk, et' al , Thank you for your fast work !

Does this update include Firefox fixes for the security-holes exposed in Pwn-2Own-2019 ??

The security issues disclosed during Pwn2Own were two JavaScript bugs, and two sandbox escape bugs. The JavaScript issues have been fixed by this release, but the sandbox escape bugs will require more work from Mozilla and will be fixed in one of the following releases.

Thank you boklm, you and Team-Tor save the lives of Journalists and NGO's around the world!

Many thanks to the Tor Browser team (and even Mozilla and Pwn2Own) for addressing this issue!

Given that the sandboxing issue is not yet fixed, how vulnerable do you assess TB users to be when they set the security slider to "Safer" until Mozilla fixes that issue?

CAPTCHA

my 360 total security detected a trojan on start up when using 8a58 . it tried to auto update on start up to 8a59. jut thought i would warn people

Has that happened for you with previous alpha versions? Heuristics of scanners sometimes alert on bleeding-edge software if those scanners haven't received updates to recognize them. Alpha versions are more likely to be unrecognized. Scan it again in another week or so after updating your scanner's definitions. Or if you don't need the alpha, just use the standard release.

Remember to verify PGP signatures by downloading the sig file from the link under the button on the download page. https://www.torproject.org/docs/verifying-signatures.html.en Also search the web for PGP or GnuPG guides to verify signature files. Many open-source projects ship sig files with their programs, so verifying them is a good skill to learn and to practice.

NoScript v10.2.5 released - https://addons.mozilla.org/en-US/firefox/addon/noscript/

v 10.2.5

[XSS] Improved detection of privileged origins,

(fixes an about:tor to DuckDuckGo false positive)

NoScript Change log - https://addons.mozilla.org/en-US/firefox/addon/noscript/

I was worried when I saw 3 new options in NoScript's settings after the addon updated, but then I was relieved to find that the NoScript change log contains many changes made for Tor and says those new settings are set to defaults specially for Tor. I am happy Giorgio and Tor Project are partnered closely so the asynchronous updates of NoScript don't harm Tor Browser's privacy. Thank you, Giorgio and Tor Project.

Yes, excellent work by the Tor team. Well done people!

Tor been acting odd for months so today on a whim I stoped by ip-check.info an what I saw was, well, not what I would have expected. RED, everywhere it was RED. Funny thing is after going back again and again all is green, almost. It seems Tor is working better as well, why is that?

Windows 32 bit, updated 4 maybe 5 times.

Hard to say. Is that bad behavior reproducible on your system? If so, could you give us steps to do so? What do you mean by "after going back again and again all is green"? What exactly did you do?

I ment after restarting Tor again an again to see if I could reproduce the same outcome. Next time I will be sure to get a screen shot. As of right now ip-check.info says I am using Tor in green instead of red.

ip-check.info currently tells me in red that I am not using Tor, although I am, and the ip it gives me is a relay.

So it seems ip-check.info sometimes has issues to detect Tor ip addresses.

Thank you. I personally never had a problem at that site before (always green) but its good to know I am not alone at lest. heh

ip-check.info is outdated.

I am using an old Tor Browser Version becaus of my old Windows version. Since this weekend the browser is basiclly useless. I can start it, but the connection to the Tor Network takes much longer than normal. After the connection is etablished, it takes forever to load any website. The Protokoll says:

25.03.2019 09:35:46.600 [NOTICE] Bootstrapped 85%: Finishing handshake with first hop
25.03.2019 09:36:22.000 [NOTICE] Bootstrapped 90%: Establishing a Tor circuit
25.03.2019 09:37:09.200 [WARN] Your Guard bonjour1 ($D80EA21626BFAE8044E4037FE765252E157E3586) is failing a very large amount of circuits. Most likely this means the Tor network is overloaded, but it could also mean an attack against you or potentially the guard itself. Success counts are 110/226. Use counts are 85/85. 113 circuits completed, 0 were unusable, 2 collapsed, and 121 timed out. For reference, your timeout cutoff is 60 seconds.
25.03.2019 09:37:22.200 [NOTICE] No circuits are opened. Relaxed timeout for circuit 1 (a General-purpose client 3-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway.

Whats the problem?

https://metrics.torproject.org/rs.html#details/D80EA21626BFAE8044E4037F…
In the log you pasted, your first node (Guard) is named bonjour1, and its fingerprint is the capital hexadecimal string. Enter either of those in the Relay Search or click my link. Look at the "6 Months" history graph at the bottom. The bytes-per-second lines fell sharply after March 22. Something is affecting that guard node. I don't know how to change your guard node except by reinstalling Tor Browser or setting the Bridge options.

> I am using an old Tor Browser Version becaus of my old Windows version.
If Windows 7+ is not possible or wanted, try writing a Live USB or a Live DVD of a Linux distribution such as Tails or another listed in the right-side ranking column on distrowatch.com or search for one by attributes: https://distrowatch.com/search.php A Live distribution runs totally in RAM and will not write or change your hard drives or SSD. You can boot into the Live distro, try it out, shut down, remove the USB or DVD, and boot again to return to your original OS. It won't write or install itself to your HDD or SSD unless you tell it to. Machines exposed to the internet should not be running an outdated OS.

I'm getting the same problem, and the log message with the same guard node (bonjour1). Anyone know how to force Tor to switch to a different guard node?

Solution found (at least a little workaround): start your tor browser, Tor sais "Tor-Kanal wird hergestellt/Tor channel...." (I use the german version), wait a few seconds, disable your internetconnection but keep your Tor-browserwindow on screen, enable your internetconnection, press the "verbinden/connect" button in your tor-browser. It seems Tor will now use a diffenernt node. Unfortunately this only works ones. If you close and start your Tor-Browser again, you have still the same problem and you have to do the same procedure again.

Sorry for my bad english :-)

On the one hand, I want to say it shouldn't be allowed to fail hard -- that it should lookup a new guard if it can't connect to the one it used the previous time. But on the other hand, what if you're up against a state adversary who wants you to connect to guards deployed by the state? If it automatically looks up another, it would keep trying until it chooses one the state allows you to connect to, and you wouldn't have a clue of the difference from looking at the connection progress bar except that it took a little longer. It should not be easy to get a different guard node. If it was made easy, there should be a massive warning message.