New Release: Tor Browser 8.5a2

Tor Browser 8.5a2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Note that like in the 8.0.1 release, we just picked up the necessary patches this time but did not bump the Firefox version to 60.2.1esr as we needed to start building before Mozilla was ready. Thus, users are fine with Tor Browser 8.5a2 even if the Firefox version says 60.2.0esr.

This alpha version contains the same bug fixes and improvements introduced in version 8.0.1. In addition we are updating Tor to, and are fixing some 8.0 issues:

Update: there is some issue with the Windows version of Tor Browser 8.5a2. We have disabled the update to 8.5a2 for Windows users until that issue is fixed.

The full changelog since Tor Browser 8.5a1 is:

  • All platforms
    • Update Tor to
    • Update Torbutton to 2.1
      • Bug 27097: Tor News signup banner
      • Bug 27663: Add New Identity menuitem again
      • Bug 27175: Add pref to allow users to persist custom noscript settings
      • Bug 27760: Use new NoScript API for IPC and fix about:blank issue
      • Bug 26624: Only block OBJECT on highest slider level
      • Bug 26555: Don't show IP address for meek or snowflake
      • Bug 27478: Torbutton icons for dark theme
      • Bug 27506+14520: Move status version to upper left corner for RTL locales
      • Bug 27558: Update the link to "Your Guard note may not change" text
      • Bug 21263: Remove outdated information from the README
      • Translations update
    • Update Tor Launcher to
      • Bug 27469: Adapt Moat URLs
      • Translations update
      • Clean-up
    • Update NoScript to
    • Bug 27763: Restrict Torbutton signing exemption to mobile
    • Bug 26146: Spoof HTTP User-Agent header for desktop platforms
    • Bug 27543: QR code is broken on
    • Bug 27264: Bookmark items are not visible on the boomark toolbar
    • Bug 27535: Enable TLS 1.3 draft version
    • Bug 27623: Use MOZILLA_OFFICIAL for our builds
    • Backport of Mozilla bug 1490585, 1475775, and 1489744
  • Windows:
    • Bug 26381: about:tor page does not load on first start on Windows
  • Linux:
    • Bug 27546: Fix vertical scrollbar behavior in Tor Browser 8 with Gtk3
    • Bug 27552: Use bundled dir on CentOS/RHEL 6
    • Bug 26556: Fix broken Tor Browser icon path on Linux

September 25, 2018


After installing Tor Browser 8.5a2 x64 clean or after updating Tor Browser 8.5a1 x64 in Windows 10 x64, Tor Browser has stopped working and do not start.


September 25, 2018


Hi. After clean installing Tor Browser 8.5a2 x64 it does not start in Windows 10 x64. Same for updating Tor Browser 8.5a1 x64 it does not start in Windows 10 x64.

Сигнатура проблемы:
Имя события проблемы: APPCRASH
Имя приложения: firefox.exe
Версия приложения:
Отметка времени приложения: 00000000
Имя модуля с ошибкой: xul.dll
Версия модуля с ошибкой:
Отметка времени модуля с ошибкой: 00000000
Код исключения: c0000005
Смещение исключения: 000000000174cc85
Версия ОС: 6.3.9600.
Код языка: 1049
Дополнительные сведения 1: 67a5
Дополнительные сведения 2: 67a5925b808e2deb9056b140f1584392
Дополнительные сведения 3: 2dc5
Дополнительные сведения 4: 2dc5a94cc6ee4c551d9cafc70f50c162

Microsoft Windows (8.5a2) / English (en-US) 64-bit - Crashed on Win 8.1 x64

Another thing I notice is the cloudflare captcha page appearing more and more often. To the point where tor is becoming unusable

Same here. Even with pages with no problem in the past.

Same here, but bypassing it by making new tor circuit for this site. Needs a couple of clicks but works.

It seems cloudflare had a trick to detect Tor Browser connections and use alt-svc onions. I guess the update broke their trick, and we're back to the captcha shit.

So, we have to wait them to fix.

Same. One website I used to frequently visit is setting me through constant cloudflare things. Often I can not get past those as they count valid captchas wrong.

I think we have similar problem, and until today cloudflare thingy is running wild

Same here! Super annoying

So just doing some additional research on this - given cloudflare's latest press release - is that almost every site I went to (including cloudflare's or Akami's blog on the issue) were all blocked. Cloudflare by the usual captcha and akami just blocking outright.


8.5a2 alpha crashed through both the in-browser update and after installing .exe from Tor's repo on W1nbox.

I forgot exactly what the error message was, but it might have been something like BEX? If I have more time [& patience] later I'll re-install it so I could provide more details.

Also, for the past several releases whenever I quit [menu ---> exit], I receive an error; I think I get a not-responding message when attempting to shutdown the browser above a certain working memory allotment, as I don't have much RAM available; I remember seeing xul.dll along with another one in the past.

mozglue.dll also

Help! I've seen the Onion Circuits in the new "(i) hamburger" menu (left of URL) in TB on Windows, but still can't see it on Debian. There are only the "websiteXX Secure Connection" and "Permission" entries shown. It's been the same in the last 2 or 3 TB versions, and not just 8.5a2.

How is your setup on Debian? Are you running Tor Browser as we ship it from our download site?

This Debian runs in one of the popular VM setups. Yes, taken from your download site.

Do you get error messages in your browser console (Ctrl+Shift+J) if you try to open the circuit display?

Error: Permission denied to access property "log"[Learn More] log.js:1:1
Error: Permission denied to access property "ns"[Learn More] dynamicNS.js:6:5

Are your X.Xa1 releases affected by Mozilla's
if 'a1' in milestone:
is_nightly = True

No. That milestone check looks at config/milestone.txt and there only the ESR version numbers show up.

What about this issue?

UserAgent from header
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

User Agent from JavaScript
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

tbb 8.5a2 (based on Mozilla Firefox 60.2.0esr) (64-bit) on Linux

Tor Devs explain me and you it's better TBB is producing spoofed
UserAgent with HTML and UNSPOOFED with Javascript .

Eh ...i don't understand why and they don't explain why this ....should be a really good idea. ?.

Thi is NOT anonymity.

This is a long list of fixes. Thank you so much!

Add on homepage of TB!

Hey! Add Tor Check on homepage of TB! I am very afraid of new Quantum TB. I think new firefox engine is a huge step back!

Tor browser 8.0.1 in Linux cannot be cleanly closed, takes a while until closed, seems to crash. Noscript settings never not saved. Also while tor browser still running normally, export settings button of noscript does nothing. Problem appeared since new noscript GUI.

What gives you the impression that it crashed? Regarding the NoScript bugs: we have two tickets for that

We currently test a fix for the issue that NoScript is not saving settings in our alpha releases. Let us know whether that works for you (note that you need to flip the extensions.torbutton.noscript_persist preference to activate that feature now).

Main process is unable to exit and autocrashes by timeout sometimes.


I have noticed that in browser 8.0.1 for Linux Debian 64 bit, that after the browser loads, it is stuck not being able to do anything for 20-30 seconds before it starts to work.

Also when commenting here on another post the other day, after posting the page load loops endlessly...

You've basically ended the usability of Tor by the inclusion of the absolutely terrible new NoScript. It doesn't seem to save settings, its function has to be "inferred", simple and integral functions are lacking, and it does random stuff on its own (I said it doesn't save settings, but some site was randomly marked as "Custom" and allowed for no reason). The old UI was straightforward and worked just about flawlessly, the new UI is the most incompetent app design I am forced to "allow" to put up with anywhere. NoScript is the worst of its kind in this iteration. And you including this thing seems like a deliberate attempt at self-undermining. I don't know what's going on in the heads of the developers, they are useless now, trying to be "hip" and "different", but at least other developers with a high security concern should be able to see how bad it is.

Unfortunately, Tor Browser's devs are not "developers with a high security concern".

I'm having a problem where tor does not respect my gtk3 settings. I like to sort folders first, but default gtk3 behavior is to sort everything alphabetically (mixing folders and files together). I used dconf-editor to change the option, which worked before Tor 8.0. However, whenever I run tor 8.0.1, it changes gtk3 settings back to the default. Tor refuses to respect my gtk3 preference of sorting folders first when saving a file with the file chooser dialog.

It's also possible to right click on the save dialog window and choose "sort folders first", but Tor still refuses to respect the setting and changes it back the next time I try to save anything.

Thanks, I opened to track this on our side. It would be interesting to know what happens with Firefox 60 ESR on your system. Does it respect your settings or is this actually a Firefox issue? See: for some test bundles.

It seems clear to me that you have deliberately broken Tor. First of all, your own, this very, blog doesn't even work but has erratic loading issues whenever one tries to use the comment function. But this minor, but very clear symptom aside, the "new" NoScript's UI is so blatantly bad that I seriously think this speaks of psychological disorders on the side of the developers (megalomania and other delusions being part of them, with a loss of basic logic and competence), and I think any other company choosing it, let alone one specializising in high security and encryption, must be a deliberate choice to undermine the program and its purported purpose.
NoScript by now is easily one of the worst scriptblockers - I would never choose this above any other addon anymore. The reasons are too numerous, like it doesn't save settings, lacks basic functions, , its functions must be "derived", possibly by trial and error, because they are so badly presented, and it even makes random choices, like arbitrarily choosing "Custom" for some sites and temporarily allowing them, which directly compromise security.

The point remains that it's so terrible, and such a worsening compared to the straightforward, nearly impeccable previous UI, that this shows a deliberate attempt to undermine Tor internally - or at least that the loss of sanity and competence is not restricted to the developers of dreadful plugin (one of the worst of its kind now).

It seems clear to me that you have deliberately broken Tor.

Maybe this is some kind of warrant canary?

mojave mac os update rendered tor (newest stable) useless...

any fix or is this an iOS problem.
tor worked fine on high sierra 10.13.6 if I'm correct.

any ideas? thanks.

What is happening? Do you get error messages? Note that I opened on our bug tracker. Could you test a normal Firefox 60 ESR on your mojave testing and check whether that one is working? You'll find images to test on

Why has Tor apparently been ruined with Cloudflare/CAPCHA??!
Like the crap (below), frankly.....

Probably because you don't write to the site owners asking them to whitelist T1 (Tor). Third of the companies I emailed to regarding the blocking issues have changed their filters within days.

Can't run on win7 x64 vm after installing, So I have to reinstall a1 to report this issue.
And I didn't find the event log. It just stop running.
Hope you guys can fix it soon.

Thanks for reporting. Yes, this will be fixed in the upcoming 8.5a3 release. W track this issue in