New Tor Browser Bundles with Firefox 17.0.5esr

All of the Tor Browser Bundles have been updated to the latest Firefox 17.0.5esr.

Tor Browser Bundle (2.3.25-6)

  • Update Firefox to 17.0.5esr
  • Update NoScript to 2.6.59

Tor Browser Bundle (2.4.11-alpha-2)

  • Update Firefox to 17.0.5esr
  • Update NoScript to 2.6.59

April 05, 2013


Re downloading, is it safer from a normal browser or within Tor?
Thinking of the attraction that running exit nodes (or nearby institutional servers?) must have for doing MITM.

If you do not want your ISP or network admin to know that you are downloading TBB, then you will have to download it via Tor.
(And to hide your usage of Tor, you will probably need to use bridges and/or a VPN)

Otherwise, downloading over a direct connection is preferable because it will be much faster and will also spare the already-strained Tor network some unnecessary additional bandwidth.

Obviously, downloading anything over Tor carries risk of packet injection from rogue nodes but this shouldn't be much, if any, of an issue if you verify the integrity and authenticity of the download properly w/ the GPG signature (which you always should).

"https = integrity and authenticity"

HTTPS/SSL has been shown time and time again to be quite weak and vulnerable.

Check the HTTPS certificate fingerprint to defend MITM attacks via SSL Interception.

I found this page about SSL Interception and how to defend it, a MUST READ:

SHA1 Fingerprint:



April 05, 2013


After installing Tor Browser Bundle 2.3.25-6 Vidalia tells me that I am connected to the Tor network but the browser gets no connection to any address.

Happening to me also. Took comando off and using zone alarm, still happening? Tor was working earlier on the old version?


April 05, 2013


For some reason all the pictures anywhere I go on the browser have their colors distorted. Pink is the dominant color blue being secondary but nothing looks like it should, it's like watching scrambled cable channels back in the 90's. Any idea what's going on?


April 05, 2013


Checksums (GNU/Linux)


f8dff6706bc77b75091bb47efab54e162649efaca4ae23f85ea2aede420f5dde tor-browser-gnu-linux-i686-2.3.25-6-dev-en-US.tar.gz
1e1d1685461e8c088a08dd196420319d tor-browser-gnu-linux-i686-2.3.25-6-dev-en-US.tar.gz


April 05, 2013


I have complained about this before, but since the problem still persists I post my previous message one more time here:

My Slitaz Live CD still uses gtk+ 2.16.5 and there's no way to upgrade gtk+ as this would mean to rebuild practically the entire distribution from scratch. Unlike TBB 2.3.25-2 this latest version of TBB no longer works for me because once again (it has happened before) someone has built the bundle using a later version of gtk+ ... undefined symbol: gtk_widget_set_can_focus

... and I'm wondering why? Shouldn't TBB function in the greatest possible number of environments? Unless there are security issues with older gtk+ versions I see no reason why you are using a version that leaves some of your users behind. Firefox 17.0.5esr works perfectly on my computer. If Mozilla can do it, why can't the Tor-Project?

I think the Tor-Project should be using a dedicated, well specified and standardized build-box to produce its browser bundles so that the outcome no longer depends on who happens to run the build procedure. It would also be a good idea to publish minimum requirements along with the change log for each new TBB.

I too am experiencing this problem and it's really frustrating. I have no ability to update my packages and am thus forced to use an older version of TBB. I really only need the updated Firefox. Hopefully some Dev will consider addressing this issue for people with older systems.


April 05, 2013


After getting and installing obfsproxy 2.4.11-alpha-2 for Linux, I still get the update warning from the Tor button.

Perhaps (some of) the new packages carry no updates at all? Have a look at the post just below yours regarding md5 sums and also at another one further below (which begins with: "It appears that at least one release of tor-pluggagle-transports hasn't been actually updated.[...]")


April 05, 2013


The MD5 checksums of tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-2-dev-en-US.tar.gz and alpha-1 are the same


April 05, 2013


Changelogs for Firefox 17.0.5 ESR

MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)


April 06, 2013


Windows => Tor Browser Bundle

For several versions now I get "There is a security update available for the Tor Browser Bundle." message even AFTER updating,

The only way to get rid of this message is starting Tor directory from scratch, reimporting bookmarks, reinstalling extensions.

Can you please fix that? It's annoying, really.

What do you mean by "starting Tor directory from scratch, reimporting bookmarks, reinstalling extensions"?

>>What do you mean by "starting Tor directory from scratch, reimporting bookmarks, reinstalling extensions"?

Yep, exactly. As I don't know what setting is misconfigured when updating, I delete the old Tor directory and start with a fresh one.

"Exactly what? Anyway, you're supposed to extract Tor Browser Bundle without overwriting old versions."

If this was true, Tor Browser Bundle would be utter crap. And it shouldn't be called an "update" then as updates are meant to update an existing app without destroying its configuration.


April 06, 2013


The proxy server is refusing connections

Firefox is configured to use a proxy server that is refusing connections.

How exactly do I fix this?

I also have this question.

I don't have an "always on" connection but have to connect manually to the Internet. The Internet connection software will run another application upon connection to the Internet if a path is specified. In order to have the Internet connection software locate the TBB in the proper directory, I had to change the path of the TBB in the torrc file to the specific path and not rely on the default path. I then get the aforementioned error message.

It would be nice if this could be fixed.

Is that "internet connection software" something provided by your ISP? You probably don't need that software at all. Also, even if you do need it, you don't have to have it automatically start Tor.

If I leave the connection open all the time, the ISP terminates the connection, so I have to re-connect.

Yes, I can leave TBB running all the time, but it consumes a large amount of memory, so it's not an ideal solution.

Nobody said anything about leaving your connection on or leaving TBB running all the time. Try connecting to your ISP without using "connection software." You can disconnect any time you like. Also, by skipping the software, you won't have to stop it from trying to auto-run TBB.

It's frustrating to see the 'please no unhelpful advice' when you failed to provide requested information about the problem you're creating with your elusive 'software.'

I'm getting a similar problem. My ISP is Time Warner in NYC. Tor successfully opens a circuit. The TorBrowser successfully loads But when I try to load any other page, even, I get "The proxy server is refusing connections. Firefox is configured to use a proxy server that is refusing connections."

I know I ran Tor successfully a few months ago. I didn't need it then so I uninstalled it. I wanted to play with it again today so I downloaded the latest bundle and re-installed. Now I get this.

I would be grateful for any help.

First, thanks to Erinn and all other dev's for your work.
Second, I'm no developer but this is how I solved my problem with
"The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections.".

Since the last updates of TorBrowser, the ControlPort and SocksPort have changed.

Try this:

  1. Make sure that you have stopped Tor with Vidalia Control Panel.
  2. Check your torrc file. (FAQ: )
  3. Create a backup of your torrc file.
  4. Make sure the values for ControlPort and SocksPort are:
    1. ControlPort 9151
    2. SocksPort 9150
  5. Also in your torrc, check if you have a HashedControlPassword? If so, try to delete this line completely. (Which is why you need a backup.)
  6. Save your edited torrc file.
  7. Check other settings in TorBrowser and TorButton, the values should be the same for each keyword.
  8. Close your editor and try to restart Tor from Vidalia Control Panel.

If this fails, paste the HashedControlPassword back to your torrc file from the backup.

If that also fails or if my post contains any errors, please improve my suggestion. Someone already suggested that one should try to install TorBrowser from scratch, which is also a good idea.

I also think that some developer needs to address this issue in the FAQ and in the blog since so many have this problem.
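
The torrc check from steps 4 and 5 of the comment above can be done without editing the file by hand. This is an added example, not code from the Tor Project or from the commenter; the function names and the sample torrc contents are constructed for illustration, and the expected ports are the ones given in the comment.

```python
import re

# Ports the comment above gives for current bundles (values from the page).
EXPECTED = {"socksport": 9150, "controlport": 9151}

def parse_torrc(text):
    """Return {lowercased keyword: [values]}, skipping blanks and # comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, *rest = line.split(None, 1)
        # torrc keywords are case-insensitive, so normalise before comparing
        options.setdefault(key.lower(), []).append(rest[0].strip() if rest else "")
    return options

def port_of(value):
    """Port from 'PORT' or 'ADDR:PORT' (flags may follow); None for 'auto'."""
    first = (value.split() or [""])[0]
    m = re.fullmatch(r"(?:.*:)?(\d+)", first)
    return int(m.group(1)) if m else None

def check_torrc(text):
    """Return findings as strings; an empty list means the file matches."""
    opts, findings = parse_torrc(text), []
    for key, want in EXPECTED.items():
        ports = [port_of(v) for v in opts.get(key, [])]
        if not ports:
            findings.append(f"{key}: not set in this torrc")
        elif want not in ports:
            findings.append(f"{key}: found {ports}, expected {want}")
    if "hashedcontrolpassword" in opts:
        # Reported, not deleted: this line is the control port's password hash.
        findings.append("hashedcontrolpassword: present, see step 5")
    return findings

# Constructed samples, not taken from any real installation.
OLD_TORRC = "SocksPort 9050\nControlPort 9051\nHashedControlPassword 16:PLACEHOLDER\n"
NEW_TORRC = "socksport 127.0.0.1:9150  # address:port form\nControlPort 9151\n"

if __name__ == "__main__":
    for name, text in (("old", OLD_TORRC), ("new", NEW_TORRC)):
        print(name, check_torrc(text) or "matches 9150/9151")
```

The script only reads and reports, so the backup from step 3 is still needed before changing anything in the file.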


Didn't work for me... but can't improve your suggestion... TBB worked for me fantastically until a couple of months ago after I updated it... Hope the dev's fix it up soon...

Sorry to hear that.

The first time I got this problem it took me 10 hours to solve, which made me a not so happy camper...

I was reluctant to go through this process again, but since so many had a bad experience with TBB - I tried once more to replicate the problem solving process.

What I found was that to replicate this problem I had to have an (old) copy of TBB based on Firefox 10, and try to extract 1705esr over it. Applying the solution above, did not work! The TBB reset the old values for port numbers no matter how many times I tried. It was only when I closed TBB after setting the new values for port numbers - and then restarting TBB, that the new values were "remembered" and the "The proxy server is refusing connections" problem went away. This time I solved the problem in 3 hours. (So, yes this release seems to be borked in this aspect.)

But, as previously stated: installing TBB 1705esr or 1706esr in a "fresh" directory works instantly!

Some have reported issues with keeping old bookmarks, settings or addons.
Bookmarks and settings (NoScript, Adblock Plus) can be exported to a separate directory and then imported into the "fresh" TBB. Can't say anything about other addons.

But the good news is that installing TBB 1706esr over TBB 1705esr works without a hitch! (For me at least, hope it works for you also.)


Hi...same problem but I'm really green at this hi-tech stuff. Perhaps you wouldn't mind giving an old man some help?

I really like this overall privacy idea. However it is stretching me almost to despair when I encounter errors like this. I spent hours yesterday trying to learn things I never dreamed I would have to know just to acquire some basics! Then when I wasn't getting answers (because there isn't a way that I saw open to me so I could inquire about this issue) I did a search from StartPage...because of course I couldn't use my Tor Browser. It thankfully brought me to your Tor Blog Post. I am still in the dark but now at least I've got some hope of getting answers!

I've been a TorProject member for less than a month and of course I was told that a chimp could get this privacy world up and running in nothing flat. Now you know my category! When you say you "closed TBB after setting the new values for port numbers" could you explain that? My SocksPort is 9050 and my Control Port is 9151. I guess that came with my TBB version? So if I already have the new values why am I getting this "Firefox is configured to use a proxy server that is refusing connections" message? This has disabled me and I don't seem to have anywhere else to turn except this blog.
Dr. D

For those who are less tech-savvy but worried nonetheless, here is where to find the aforementioned stuff...
The ControlPort is in the Vidalia Control Panel>Settings>Advanced>Address
The SocksPort is in the torrc file (found by going to where step 2 takes you, particularly), right-click open, then select notepad if on Windows.

I made sure these two ports were right first, saved, and did not have to delete the HashedControlPassword line, but if you do, it is also in the notepad torrc document you just opened to check on SocksPort.

Thanks to everyone here for helping me figure out how to get tor

This is how I solved this problem:
1. deleted the entire "TorBrowser" directory.
2. re-install (extracted the bundle to where it was before).

problem solved..

This is most likely a pure interim solution, and no idea why it works but:

Go to the directory Tor is installed -> Apps -> Tor.exe.

Then Open "Start Tor Browser" through the regular way and it works.


April 06, 2013


Where is simple program in C
"hello world of onion".c

Simple server and simple client. With check tor, hidden services etc.

There is . Also, if you can connect to any hidden service, most likely your Tor is working. I don't know of any C code out there that you can use to plug into something that you're doing.

Maybe that could be something to make checking your Tor connection lighter weight than the http request to torcheck.