Tor Browser 3.6.3 is released

The third pointfix release of the 3.6 series is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Here is the complete changelog:

  • All Platforms
    • Update Firefox to 24.7.0esr
    • Update obfsproxy to 0.2.12
    • Update FTE to 0.2.17
    • Update NoScript to
    • Update HTTPS Everywhere to 3.5.3
    • Bug 12673: Update FTE bridges
    • Update Torbutton to
      • Bug 12221: Remove obsolete Javascript components from the toggle era
      • Bug 10819: Bind new third party isolation pref to Torbutton security UI
      • Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
  • Linux:
    • Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
    • Bug 12249: Don't create PT debug files anymore

The list of frequently encountered known issues is also available in our bug tracker.


July 25, 2014




July 25, 2014


The beta and alpha versions have security features when can we see them? Because unfortunately tor 3.6.3 is only updated not new features


July 25, 2014


I hope obfsproxy4 (or whatever it's called) will be ready before Russia cracks down on Tor by the end of this year :(

It's obfs4proxy, though in hindsight I should have picked a better name.

Unless their crackdown is reasonably sophisticated obfs3 should work (and ScrambleSuit/obfs4 will work, assuming unblocked bridges), so there's plenty of options in that area already. Furthermore, unless something unforeseen happens, I expect obfs4 should approach being usable from test bundles sometime next month.

obfs4 progress can be tracked at:


July 25, 2014


When will TBB be updated to Firefox 31 esr?

there is no 31ESR . the ESR have number 24.7 but firefox have 31 version number

Actually there is Firefox 31 ESR but Firefox 24 ESR is going to be supported until 25th November.

The new ESR is 31 - 24.7 will be the last update to the 24.x ESR. And I guess TBB will shift to 31ESR no later than when support for 24.7ESR runs out, but I can't remember the date.

Sorry, 24.x ESR will have one more release (24.8), before being dropped for the 31.x ESR series:

I'm desperately trying to lay my hands on the previous release (3.5.4 I believe). 3.6.3 simply does not connect. Where can I get the previous release from?

But really, if 3.6.3 doesn't work for you, you should report a bug and help us fix it. The old Tor Browser Bundles ship with obsolete insecure versions of Firefox.

I have the same issue. The updates on two different computers downloaded through tor will not connect. I downloaded the update without tor and it connects fine. I don't know if that should worry me. Sorry, don't see where to submit bugs, I'll keep looking.

But that said, "my TBB doesn't work, help" is not a bug report -- it's better suited for the helpdesk:

The bug tracker is best for things where you actually have a concrete thing that's broken and we should fix.


Hello, I wasn't able to connect too, but after running TBB in the terminal, I found out this message: "Our clock is 2 hours, 42 minutes behind the time published in the consensus network status document (2014-08-08 08:00:00 UTC). Tor needs an accurate clock to work correctly. Please check your time and date settings!" Then I adjusted the clock and it worked fine. I'm not an advanced user (migrated to linux recently), but maybe this info will help you.

(I think it would be better if these informations were presented to the user in the GUI too)

Last version Tor Browser 3.6.2 always crack my SUSE Linux for playing youtube in html5 mode



August 01, 2014

In reply to by arma


i am not the person you wrote to.
On my openSUSE 13.1 TBB don't work anymore. Tails work on this Computer and the last Version worked too. If I click on connect then the TBB sometimes start sending and receiving data but stops at some point. Sometimes it even don't start to send or receiving anything. I have deactivatet the Firewall.

Hi my Problem is solved see the first comment on 8.8.14 with UTC

Can I check the Block reported attack sites and Block reported web forgeries options in Firefox/TBB: Menu Option - Security?

We still need to audit the SafeBrowsing feature, see: for the issues we currently can think about. So, if you enable it keep the possible risks in mind.

given that Russia is now trying to bribe people to find tor users and grass them up, what features are gonna be incorporated to prevent this (or make it extremely difficult) and when will that be?

When starting new version in Win XP pro3 the window is only about 70 percent wide. Any way I can get it to start 'maximised' ?

Not until we solve the problems we have with maximized windows:

muito bom esse browser...uso ele constante.

Just wanted to say great work on "catching up" to Mozilla's ESR release cycle!


I've got a problem with cookie management in recent versions of TorBrowser. Can anyone help me please??

The problem can be reproduced with these steps:

1.: Download and start-up a fresh instance of TorBrowserBundle.

2.: Go to "Edit" → "Preferences" → "Privacy", and uncheck "Accept cookies from sites".

3.: Go to "Edit" → "Preferences" → "Privacy" → "Exceptions" and add an exception for a website where you can log in.

4.: Open a new tab and navigate to that website that you've added in step 3, and log in.

5.: While you're still logged in, go to "Edit" → "Preferences" → "Privacy" → "Exceptions", and click "Remove All Sites". This will remove the exception that you've added in step 3.

6.: While you're still logged in, go to "Edit" → "Preferences" → "Privacy" → "Show Cookies", and click "Remove All Cookies". Notice the number of cookies that are actually displayed.

7.: Refresh the tab from step 4. You are logged out now.

8.: Go to "Edit" → "Preferences" → "Privacy" → "Exceptions" and add an exception for the same website as in step 3.

9.: Refresh the tab from step 4. Notice whether you're logged in or logged out.


In step 6: At least one cookie is displayed.

In step 9: You are logged out.


In step 6: Zero cookies are displayed.

In step 9: You are logged in.

If this is a bug, then please fix this as soon as possible.
If this isn't a bug, then please explain to the world how reasonable software can behave this way.


I have not verified this behavior in TBB, but I'm pretty sure it's an upstream issue with Firefox, which doesn't display cookies properly in that part of the UI and hasn't for a while. Given Mozilla's recent marketing push around "fighting surveillance," this feature breaking over several Firefox releases--along with the Firefox 31.0 privacy degradations around similar features--make one question whether there's a disconnect between what Firefox wants to be seen as and how it actually functions.

In either case, I would encourage you to file a bug report upstream with Firefox's bugzilla, unless I'm wrong about this not being an upstream issue.

See also

It does indeed appear to be a Firefox bug.

This is the first time I've used bugzilla:

Hoping they fix it...

Just wanted to say GOOD ON YOU for filing this bug report!

In the process you've brought additional attention to an important policy question: is Mozilla for real when it comes to making sure Firefox privacy/security features actually work as describe, or is it rolling over in every way possible that's not obvious to the user in order to help preserve the tracking capabilities of Google, its major funder?

Thanks for this because it's good to know that I'm not the only one annoyed by that.

Unfortunately I just realised that this bug is now open since more than 1½ years, and it seemingly didn't make much progress in that time.

So, I'm afraid that Tor project can't count on Mozilla devs when it comes to resolving privacy issues.
@Tor devs
Can you estimate whether it would be feasible to fix this in Tor Browser if upstream continues to ignore/delay this issue?

Because, as things are right now, there's no possibility to do cookie management in Tor Browser. :-(

Tor Browser 3.6.3 can be opened only one time. When it is closed you cannot open it again.

Well, that's not true for the rest of the people here. Perhaps you should contact the help desk and see if they can help you figure out what you're doing wrong? And ideally you can generate a bug report so we can help future people in your situation.
[Edit: actually, it *does* appear true for more people here. Please help debug!]

Can you try Mike's new Tor Browser 4.0 alpha builds? Maybe they fix the issue for you?

when I search for stuff an pop into a search to check it out by the time ive checked a 3rd seach im cut off with a response im an automated computer an I have to do a captcha to continue on start page on others it just flat out denys me usage now im not looking up anything illegal immoral or bad last seach I used was banned youtube vids for games an stupid look at me vids people doing dumass stuff an posting it an getting banned because its too dangerous it kept kicking me off means no longer are we able to surf anonumously if some1 or something is watching our searches an I did like 3 in 7 mins so I wasn't flipping thru it like no machine unless its 1 from the 1970s whats the deal with this sorry for the lack of punctuation.

There is at least one area where Firefox ESR desperately needs to catch-up with its more fast-moving sister (regular Firefox): The ability to highlight and copy text from the "Certificate viewer". (And this functionality is especially important for Tor Browser) (And this functionality was long overdue when it came to regular Firefox. Chrome had already had it for some time.)

Without this, the only way to verify the hashes for SSL/TLS certificates is manual visual examination, carefully and tediously matching each digit of a displayed hash.

We are starting the transition to Firefox ESR 31 now. So, this feature will be available in Tor Browser soon, too.

Great to hear, thanks.

@gk / arma:

Any timeframe for ESR 31 as of yet?

Have a look at section "What does the Mozilla Firefox ESR life cycle look like?" We switch to ESR 31 when no update for ESR 24 is available anymore.

Ever since I started using the latest version of TBB which is 3.6.3, I have the following error message appearing in the log very frequently:

[warn] Rejecting SOCKS request for anonymous connection to private address [scrubbed]

What caused it?

How do I fix it?

Thanks in advance for your help.

Sounds like some destination (e.g. website) you're trying to access sent you to an address like When Tor Browser asks Tor to go there, Tor decides you're better off failing to reach it and gives you this log message instead.

I get that message quite often when I connect pidgin to my Tor, since some component in Pidgin (maybe one of AIM's servers?) is trying to connect to a service those name resolves to localhost.

The message (and behavior) is harmless. If your web browsing is working as you expect, don't worry about it. The log message is there as a hint for people who are unhappy that "Tor isn't working" and want to learn why.

Does 3.6.3 go any way towards defeating the threat of deanonymisation which was the subject of the talk pulled from the BlackHat conference.

If not, has any progress been made to counter the threat?


3.6.3 is an update to other components, like the browser. The Tor version remains the same.

Sit tight, there's another update coming. But that said, the next update won't be urgent, since the underlying issue isn't one where we need to put out a patch to the code. More details soon!


Thanks for the quick reply. However, I am a bit confused. The announcement surrounding the cancelled Black Hat conference was that TOR users could be unmasked (easily and) cheaply.

Since the whole basis of TOR is to keep users from being unmasked, why is a solution not urgent?

I know you are busy but I am sure that all users of TOR would be interested in and grateful for a full response.

Thank you.

Love you guys! You are making the Internet a better more free place. Everbody run Relays and Bridges and save the Internet from the Threat called NSA!