New Release: Tor Browser 9.5.4

Tor Browser 9.5.4 is now available from the Tor Browser download page and also from our distribution directory.

This version is expected to be the final version of the Tor Browser 9.5 series. Watch for Tor Browser 10.0 near the end of September.

This release updates Firefox to 68.12.0esr, NoScript to 11.0.38, and HTTPS Everywhere to 2020.08.13.

Also, this release features important security updates to Firefox.

Note: The Tor Browser OpenPGP signing key was recently updated. Be sure you have the updated version when verifying the OpenPGP signatures

The full changelog since Tor Browser 9.5.3 is:

  • All Platforms
    • Update Firefox to 68.12.0esr
    • Update HTTPS Everywhere to 2020.08.13
    • Update NoScript to 11.0.38
  • Windows + MacOS X + Linux
    • Bug 40019: Onion-Location should not be processed on .onion webpages
  • MacOS X
    • Bug 40015: Tor Browser is broken on MacOS 11 Big Sur
Anonymous

August 25, 2020

Permalink

NoScript Why are the default boxes in NS ticked? The first thing I do is to go into default and delete the ticks leaving the option blank with the exception of the first otherwise the web pages do not work. There is probably a simple answer which I do not know as I am not a technician

cheers

PS for those who read my unanswered question in the 9.5.3 update FF v80 is working outside TOR when V79 did not work for me

cheers again

The default options of NoScript change when you change your security level in the shield icon. Do not change the options through NoScript's interface unless you accept that it will make your traffic look less like other users and more trackable. The "first tick", widely called a checkbox, allows JavaScript and is ticked by default when you change your security level to Standard or Safer. Change your security level rather than changing NoScript.

Since long ago, Tor Browser hides NoScript's icon in fresh installations because it was the source of many problems including that novice users were unwittingly making themselves less anonymous and that NoScript is very complicated at first to use. Its icon can be dragged onto the toolbar by selecting "Customize..." in the main menu or right-click menu on the toolbar.

Anonymous

August 25, 2020

Permalink

When will Tor allow us to edit our "OS strings" before this was possible to do by going straight into the "about:config" settings and editing the strings so our operating system and version info would not show. This is a privacy and security risk and has been for awhile now and still nothing has been done about it?

It is not a privacy risk, your computer is in the same bucket as every other user with the same operating system. The security argument is very minimal - yes, you can lie and maybe you will be sent a vulnerability exploit for another OS (or arch), but this likely makes you unique among all Tor Browser users.

Anonymous

August 25, 2020

Permalink

The attempt to create human readable addresses by partly centralizing the service is just a slippery slope towards the status-quo of the clearnet.

How about just integrating eschalot into Tor Browser's home page? When someone opens the browser they might get an option to generate an address like so...

fledarmyusertvmu.onion
wifefeelkillwovk.onion
ladyfirehikehs66.onion
woodcubabitenem2.onion

MORE INFO HERE - https://security.stackexchange.com/questions/29772/how-do-you-get-a-spe…

There are ways to easily deal with this problem that do not require centralized authorities.

Anonymous

August 25, 2020

Permalink

Hello. Sorry, I think I lost my comment here. I'll try again. I installed TBB 9.5.4 and had the same problem that I did with TBB 9.5.3. That is: "The bookmarks and history system will not be functional because one of Firefox's files is in use by another application. Some security software can cause this problem.". Bookmarks and history were not present. The same fix worked for TBB 9.5.4 as it did for TBB 9.5.3. I deleted the browser folder, disabled my antivirus and reinstalled TBB 9.5.4. All was well with the new installation, antivirus was re-enabled and no more problems were found. Thanks for the new TBB.

It would help if you link to your original comment. I assume this is it.
https://blog.torproject.org/comment/288886#comment-288886

> disabled my antivirus

Yes, someone else reported that disabling their virus scanner resolved the problem for them, too.
https://blog.torproject.org/comment/288901#comment-288901

Other people quoted the error message but apparently didn't read it, didn't understand it, or didn't follow through with disabling their security software as it implied.
https://blog.torproject.org/comment/288854#comment-288854
https://blog.torproject.org/comment/288912#comment-288912
https://blog.torproject.org/comment/288914#comment-288914

Oddly, Mozilla's support page for the error doesn't suggest doing what the error itself implies. Namely, disable security software.
https://support.mozilla.org/en-US/kb/fix-bookmarks-and-history-will-not…

But the problem continued for you in 9.5.4, so this Tor blog post needs a note added to it.

Anonymous

August 25, 2020

Permalink

Hi, Tor is great but ever since updating I can't enable javascript with NoScript. I try to click the button in NoScript that says "Override Tor Browsers Security slider level preset", but there's nothing that works. I tried to use NoScript on a colleague's machine with different OS but the same happens.

Please fix.

Anonymous

August 25, 2020

Permalink

When i try to download 32bit Windows version i got this:

ESET Internet Security
Threat removed
A threat (Suspicious) was found when Firefox tried to access a website (dist.torproject.org).
The access has been blocked.

Windows 64bit version is OK to download. What's the problem with 32 bit version?

It could be a false positive. 32-bit anything are not popular downloads, so they are reviewed less in virus signature databases than 64-bit programs. Add Tor Browser's firefox in your antivirus whitelist, and use GPG to verify the PGP signature of the 32-bit exe installer.
https://support.torproject.org/tbb/antivirus-false-positive/

Anonymous

August 26, 2020

Permalink

Hi Team,

When I select "Temp. TRUSTED" in NoScript extension, the page reloads as expected, but the Javascript for the page doesn't work. I've tried multiple things. There's a little checkbox to tell Tor to override settings but that isn't working either. Maybe I am I doing something wrong? Or is this normal? I want to be able to continue to block Cloudflare, Google, Amazon, Facebook and Microsoft from loading scripts, as well as others that serve little use.

Isn't this fair and simple use of NoScript a good thing for privacy, especially if it reduces the tor traffic that might be used to track or identify me?

Anonymous

August 26, 2020

Permalink

When I go to the Tor download page for android it downloads the 9.5.3 apk and not the 9.5.4 apk.
Please fix this.

Anonymous

August 26, 2020

Permalink

Can you please put a short version of the signing key on the site for download? There's like a bajillion signatures on it and my phone has been importing for 20 minutes now...

Anonymous

August 26, 2020

Permalink

I am running the latest version of Whonix. The TOR autoupdate from 9.5.3 to 9.5.4 resulted in my logins.json becoming logins.json.corrupted and I lost all of my logins and passwords. Lucky I have a backup of some....

This was not a good experience :D

Anonymous

August 27, 2020

Permalink

Prioritizing onion sites is a real pain in the ass when someone wants to share links.

Anonymous

September 07, 2020

Permalink

NoScript auto-updated today, September 7, and interrupted my traffic. Please show a notice mark or a confirmation now/wait before it updates if its permissions are customised and will be suddenly reset in the middle of an identity session.

Another thing, the lines of per-site permissions in the icon were not showing after it updated unless I moved my cursor over them. After I restarted tor browser, the lines showed all at once properly. They may have done so if I had started a new identity which I didn't try. Linux 64-bit.

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

7 + 6 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.