New Release: Tor Browser 8.5a3

Tor Browser 8.5a3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. We picked up the necessary patches, but because we needed to start building before Mozilla was ready with a first candidate build, we did not bump the Firefox version to 60.2.2esr. Thus, users are fine with Tor Browser 8.5a3 even though the Firefox version is 60.2.1esr.

Furthermore, this release fixes Windows startup crashes and makes Tor Browser more compatible with the new macOS 10.14.

Known Issues

We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. The most important current issues are:

The full changelog since Tor Browser 8.5a2 is:

  • All platforms
    • Update Firefox to 60.2.1esr
    • Backport fix for Mozilla bug 1493900 and 1493903
  • Windows
    • Bug 27865: Tor Browser 8.5a2 is crashing on Windows
  • OS X
    • Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility
Anonymous

October 10, 2018

Permalink

Torbutton cannot safely give you a new identity. It does not have access to the Tor Control Port.

Are you running Tor Browser Bundle?

you can't do anything with flash player ect..

well, the update works well on my Android device, thank you so much

Can you guys please autoupdate Tor to 64 bit on x64 systems in the next patch?

You mean on Windows systems? That's https://trac.torproject.org/projects/tor/ticket/24196 and we plan to do that although there is no ETA for it. I think first we want to see our 64bit bundles work indeed fine for stable users and if so, we plan to get all 64bit system users upgraded. Maybe for 8.5.

Hrm, this release shows blank pages when security.sandbox.logging.enabled

This is on Windows?

Indeed.

I tested both 64 and 32bit en-US bundles on a Windows 7 machine and surfing works as expected with sandbox logging enabled. Does the same problem show up for you with a stable Tor Browser? Which Windows system are you on?

Hm, it's a Windows 10 issue then. Never mind.

Well, if it is then we should figure out whether it's a Tor Browser one. :) I suspect you used the alpha on Windows 10? Does the same happen if you are using a stable Tor Browser version?

Oh, it seems so, because it works on stable even with level 5 sandbox.

Stable does not have level 5 sandbox enabled due to a bug (see: https://trac.torproject.org/projects/tor/ticket/26381). We are testing a fix for that one in the alpha series and I am trying to understand whether that fix is causing your issue or maybe it's just sandboxing level 5 that is causing the problem. Could you double-check with a clean, Firefox ESR 60.3.0 (https://www.mozilla.org/en-US/firefox/organizations/all/)?

Sure, that's why I set it manually for testing. ESR is also not affected.

The problem solved! It was the advanced security hardening of Windows 10.

05:21:38.408 Failed to import favicon data:[Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [mozIAsyncFavicons.replaceFaviconDataFromDataURL]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gre/modules/BookmarkHTMLUtils.jsm :: insertFaviconForNode :: line 1141" data: no] 1 BookmarkHTMLUtils.jsm:1149
insertFaviconForNode resource://gre/modules/BookmarkHTMLUtils.jsm:1149:7
insertFaviconsForTree resource://gre/modules/BookmarkHTMLUtils.jsm:1177:3
insertFaviconsForTree resource://gre/modules/BookmarkHTMLUtils.jsm:1181:7
insertFaviconsForTree resource://gre/modules/BookmarkHTMLUtils.jsm:1181:7
_importBookmarks resource://gre/modules/BookmarkHTMLUtils.jsm:903:7
next self-hosted:1214:9

When working on THE tor 8.0.2 version of the browser, it is impossible to save the entered list of trusted sites in the NoScript 10.1.9.8 add - on-when you exit and re-enter all the entered data is lost. To view the scripts, I had to turn it off. Is there a problem?

See: https://trac.torproject.org/projects/tor/ticket/27175 where we implemented a fix. Having a custom list of exceptions is generally bad news for you with respect to tracking protection which is why we strongly discourage that and especially if saving those exceptions to disk is concerned. However, we provide a possible way to get this functionality back if one really, really thinks one needs it.

Tor 8.0 still exposes your OS,and Browser Referrer,the strings no longer take effect when you edit them in about:config/agent etc. Tor needs to fix this issue asap as they say they are? I would revert back to 7.5 version if you are worried about your privacy as it still works as a charm without updating to 8.0.

captcha

Why does tor fix the first node where I enter the internet ?
It made me easy to be traced by malious forces and persons!!!
what the fuck are you doing?
Have you tor organization compromised the whole tor project to USA government ?

See: https://support.torproject.org/en-US/tbb/#first-address-relay-circuit for the reasons behind a guard node (which is another name for the first hop in the Tor circuit).

When you think it's a good idea using unfixed Guard Nodes after reading
https://support.torproject.org/en-US/tbb/#first-address-relay-circuit
,it's not, you can use TAILS
https://tails.boum.org

Tor NOTICE: Tor has been idle for 64185 seconds; assuming established circuits no longer work.
Tor NOTICE: Heartbeat: Tor's uptime is 1 day 2:48 hours, with 0 circuits open. I've sent 102.09 MB and received 2.54 GB.
Tor NOTICE: Average packaged cell fullness: 51.691%. TLS write overhead: 5%
Tor WARN: Failed to find node for hop #1 of our path. Discarding this circuit.
Tor NOTICE: Our circuit 0 (id: 570) died due to an invalid selected path, purpose General-purpose client. This may be a torrc configuration issue, or a bug.
Tor WARN: Failed to find node for hop #1 of our path. Discarding this circuit. Tor NOTICE: Tor has successfully opened a circuit. Looks like client functionality is working.

This is a default config of torrc in TBB => this is a bug.

Do you have ways to reproduce it, so that we can have a closer look?

07:21:58.067 TypeError: doc is null 1 ContextMenu.jsm:520:1

13:14:41.919 TypeError: aOldNode is undefined 1 treeView.js:459:9
PTV__getNewRowForRemovedNode chrome://browser/content/places/treeView.js:459:9
PTV__restoreSelection chrome://browser/content/places/treeView.js:510:17
PTV_invalidateContainer chrome://browser/content/places/treeView.js:1106:5
notify resource://gre/modules/Bookmarks.jsm:1289:30
insertTree/< resource://gre/modules/Bookmarks.jsm:561:9
next self-hosted:1214:9
showBookmarkDialog resource:///modules/PlacesUIUtils.jsm:294:5
PCH_bookmarkCurrentPages chrome://browser/content/browser-places.js:527:5
oncommand chrome://browser/content/browser.xul:1:1

13:22:51.996 [Exception... "Component returned failure code: 0xc1f30001 (NS_ERROR_NOT_INITIALIZED) [nsIMessageSender.sendAsyncMessage]" nsresult: "0xc1f30001 (NS_ERROR_NOT_INITIALIZED)" location: "JS frame :: resource://gre/modules/ExtensionUtils.jsm :: sendAsyncMessage :: line 533" data: no] 1 (unknown)
sendAsyncMessage resource://gre/modules/ExtensionUtils.jsm:533:51
_handleMessage/deferred.promise< resource://gre/modules/MessageChannel.jsm:984:9

NoScript is blocking Media on Default!
https://www.youtube.com/watch?v=D54HHf3PsP0

Works for me with my Tor Browser alpha on a Debian Linux machine. How can I reproduce your issue?

Not the video! Don't you see a red number on the NoScript icon?

Hm. Yes, this seems to be a glitch in the NoScript UI as this goes away for me if I e.g. maximize the window. All more a reason to hide the NoScript UI as it is confusing. :)

Hah. But it doesn't mean NoScript shouldn't be fixed. :) How are you going to provide UI for temp. enabling Script/Media/etc here and there (on higher security levels) if you hide NoScript?

We have a proposal for the redesign (https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/101-s…), see section 2.2 for our current idea.

It would be better to add all the features (SVG, etc) to NoScript and remove Torbutton altogether as it is the only thing (except weird size) that distinguishes Tor Browser from Firefox (visually).

09:57:51.101 Error requesting favicon URL for about:reader content: favicon not found for uri 1 ReaderParent.jsm:33
onRejection resource:///modules/ReaderParent.jsm:33:13

Am I here on the right place for my question?

I have 2 Acer laptops. ES-11. ES1-132-C5XN and Aspire E11 ES3-111-C7Q5. With latest TOR browser updated.

With the last one, I can easily log under TOR in at all websites. With the first one it gives many problems. May be the provider blocks it in Malaysia? Before I also had some problems with bridges connection on the first computer. Meek Azure works the best. But not anymore on computer 1.

Please advise. Should I a clean install ? How do I do so?

hi,

is there a way to make TOR the default browser in windows 10?

thanks,

Andres

I am very disappointed, because there are thousands of links but almost nothing is working. Each time a get the message about a timeout.
Am I doing something wrong? There was already somebody else raising this question some weeks ago but I saw no answer.
Thanks for any hint.

What do you mean? What is happening in your case? And how can I reproduce that?

We picked up the necessary patches, but because we needed to start building before Mozilla was ready with a first candidate build, we did not bump the Firefox version to 60.2.2esr.

Mozilla versions nightly by appending “beta”
Tor could version the browser with “patched”, like 60.2.1patched.
Otherwise this isn’t a proper version scheme.