Tor Browser 3.5.3 is released

The 3.5.3 stable release of the Tor Browser Bundle is now available on the Download page. You can also download the bundles directly from the distribution directory.

This release also includes important security updates to Firefox.

As a reminder, this is the stable series of the Tor Browser Bundle. It does not include the Pluggable Transport support mentioned in the 3.6 release post, and in this release MacOS archives are still in zip format. If you would like those features, we encourage you to use 3.6-beta-1 instead, and report any issues you encounter.

Here is the complete changelog for 3.5.3:

  • All Platforms
    • Update Firefox to 24.4.0esr
    • Update Torbutton to 1.6.7.0:
      • Bug 9901: Fix browser freeze due to content type sniffing
      • Bug 10611: Add Swedish (sv) to extra locales to update
    • Update NoScript to 2.6.8.17
    • Update Tor to 0.2.4.21
    • Bug 10237: Disable the media cache to prevent disk leaks for videos
    • Bug 10703: Force the default charset to avoid locale fingerprinting
    • Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
  • Linux:
    • Bug 9353: Fix keyboard input on Ubuntu 13.10
    • Bug 9896: Provide debug symbols for Tor Browser binary
    • Bug 10472: Pass arguments to the browser from Linux startup script

A list of frequently encountered known issues with the Tor Browser can be found on our bugtracker. Please check that list and help us diagnose and arrive at solutions for those issues before contacting support.

Anonymous

March 19, 2014

Permalink

Why don't you make a distribution in zip format for windows?

You don't need a zip package, the installer doesn't write anything to registry.
I've checked it with RegShot before and after running the installer.

Anonymous

March 19, 2014

Permalink

why has this update still saying need update ? is there some sort of spoofing attack in progress ?

thank for reply... i did remove the old version and install new version as i always have done for years with no problem... btw i used the new tor browser bundle today after my reported experience and it seem the issue has gone away :D

TBB uses Firefox ESR. Current version is 24.4.0.

TLS 1.1 and TLS 1.2 were not enabled by default until Firefox 27.

Next Firefox ESR release will be 31.

Anonymous

March 20, 2014

Permalink

Whats wrong with you?
We dont want install TBB like a program.
We need an portable TBB!

Anonymous

March 20, 2014

Permalink

This might be a total noob question, but what's the difference between exporting bookmarks to an HTML file, versus backing up bookmarks to a JSON file?

I ask because everytime I download a newer version of the TBB, I have to re-populate the bookmarks menu.

Thanks for all the work you guys do.

From what I could find, restoring from JSON will replace your bookmarks with only what is in the backup file. Using a HTML backup will just add to your existing bookmarks. (source: https://support.mozilla.org/en-US/questions/950445)

It sounds like you know how to do so, but just in case: restoring bookmarks can be done the Show All Bookmarks window (Ctrl+Shift+O). To restore from JSON, use the "Import and Backup" -> "restore" -> "Choose File" and to restore bookmarks from HTML, use "Import and Backup" -> "Import Bookmarks from HTML."

Yeah, overwriting TBB's will cause issues ranging from wrong version of X extension to just not wanting to boot up.

I've pretty much resigned myself to "Have to go the clean installation in a new directory and just import bookmarks!" route when I am updating to a new TBB.

Anonymous

March 20, 2014

Permalink

I download the files:

https://www.torproject.org/dist/torbrowser/3.5.3/sha256sums.txt
https://www.torproject.org/dist/torbrowser/3.5.3/sha256sums.txt-mikeper…
https://www.torproject.org/dist/torbrowser/3.5.3/tor-browser-linux64-3…
https://www.torproject.org/dist/torbrowser/3.5.3/tor-browser-linux64-3…

Previous version files are missing:

sha256sums.txt-erinn.asc
sha256sums.txt-linus.asc

I run the script:

########
#! /bin/bash

echo "" | cat - > file.txt

sha256sum -c sha256sums.txt 2>&1 | grep OK >> file.txt

echo >> file.txt

for a in sha256*.asc ; do
gpg --verify $a sha256sums.txt >> file.txt 2>&1 ;
echo >> file.txt
done

echo >> file.txt

gpg --verify tor-browser-linux64*.asc >> file.txt 2>&1

echo >> file.txt
#########

Running less file.txt I can see a singnatures mess:

gpg: Signature made Wed 19 Mar 2014 09:25:30 PM MSK using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark "
gpg: aka "Erinn Clark "
gpg: aka "Erinn Clark "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659

gpg: Signature made Wed 19 Mar 2014 09:26:01 PM MSK using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark "
gpg: aka "Erinn Clark "
gpg: aka "Erinn Clark "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659

I check "mikeperry" signature manually:

gpg --verify sha256sums.txt-mikeperry.asc sha256sums.txt

gpg: Signature made Wed 19 Mar 2014 09:25:30 PM MSK using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark "
gpg: aka "Erinn Clark "
gpg: aka "Erinn Clark "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE
E659

Why Mike Perry signature displayed as Erinn?
Where is the other signatures?

Anonymous

March 20, 2014

Permalink

Cool :)

Option 1, complain to webroot that their thing is flagging Tor when it shouldn't. Then wait for them to fix it. Apparently this worked once in the past.

Option 2, whitelist Tor in your webroot config. I don't use Windows, so I don't know what you need to click.

Option 3, stop using webroot (and optionally replace it with something else from the same protection racket genre).

Please feel free to chip in with a good option 4 here. :)

Anonymous

March 20, 2014

Permalink

It does not let me update my Tor bundle when I try to write over the same directory. Why is this? It can't extract anything and I have to abort the install.

Anonymous

March 21, 2014

Permalink

Windows 7 - Services

Could someone from Tor please advise if there are any 'Services' that start up automatically which, for the sake of security, users should either change to 'manual' or even 'disable'. Equally, are there any that we should not change to 'manual' or 'disable'?

Thanks

Anonymous

March 21, 2014

Permalink

I'm on Windows XP and found that this issue of Tor has repeatedly either made my PC crash and/or can't be opened at all that I have to resort to 'nude' browsing with Firefox. Is it something to do with the software? This is something very abnormal, never experienced something like this before after some 8 years and I've checked that everything else should be normal.

Anonymous

March 21, 2014

Permalink

I'm download a file from hyperspeeds.com at 1.2 MB/s using the latest version of Tor. That doesn't seem possible. Is there something wrong with my program?

Anonymous

March 21, 2014

Permalink

I can't open .onion websites, only "regular" websites. Why? It's a security problem?

Anonymous

March 21, 2014

Permalink

Just got to the new TBB but every time I try to open it, I repeatedly get "Tor Unexpectedly Exited-Please Restart This Application" with a mini window saying "Tor Launcher-Tor Unexpectedly Exited". Sorry for the noobie question, but this is the first TBB that has done this and I want to get back to my browsing!

Anonymous

March 21, 2014

Permalink

I can run Tor-browser-2.3 on very old hardware: AMD K6-2 @ 500 Mhz - RAM: 384 MB.
Starting with version 3.5, Tor will not run on this old computer, it fails when trying to install it, and if I install it on a newer PC and create a zip package to extract in the old one, it also fails when launching "Start Tor Browser.exe"

  1. DrWtsn32:<br />
  2. Application exception occurred<br />
  3. Exception number: c000001d (illegal instruction)<br />

I have Firefox 28 installed and running in this old machine, so the problem is with Tor.
Is this new version using SSE2 instructions?
Any chance to fix Tor to work again with old hardware?

Wow, I haven't seen mention of that processor family in years.

A few things:

a) The Mozilla Firefox binaries are built with Visual Studio not GCC, which does code generation differently. It is worth noting that the official binaries for Linux built with gcc target i686 and will also not execute on your processor family.

b) There is more that is lacking in K6-2 versus what is expected of a modern ia32 processor than just SSE2. The relevant instructions in this case would be CMOV/FCMOV, introduced for the Pentium Pro.

If you can convince the developers that building the bundle with an i586 target is worth the time, then it should work (for now), though it is unlikely that they can spare build engineer time for that task.

Thanks for the info., but according to this my AMD K6-2 is i686, not i586:
i386 - Intel i386/80386 (in 1985) or AMD386 / AM386 (in 1991)
i486 - Intel i486/80486 (in 1989) or AMD486 / AM486 (in 1993)
i586 - Intel Pentium (in 1993) or AMD-K5 (in 1996)
i686 - Intel Pentium Pro (in 1995) or AMD-K6 (in 1997)
i786 - Intel Pentium 4 (in 2000) or AMD-K7 (in 1999)

So, Tor Browser 3.5.3 shouldn't fail with this processor if compiled with i686 target.
Checking in about:buildconfig I see they changed the compiler from "cl 15.00.30729.01" to "gcc v. 4.6.3" since Tor-Browser 3.0.
The last TBB version I can run with this old machine is Tor-Browser 2.4.18-rc-1