Tor Browser 3.6.6 is released

The sixth pointfix release of the 3.6 series is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Here is the complete changelog for 3.6.6:

  • All Platforms
    • Update Tor to tor-0.2.4.24
    • Update Firefox to 24.8.1esr
    • Update NoScript to 2.6.8.42
    • Update HTTPS Everywhere to 4.0.1
    • Bug 12998: Prevent intermediate certs from being written to disk
    • Update Torbutton to 1.6.12.3
      • Bug 13091: Use "Tor Browser" everywhere
      • Bug 10804: Workaround fix for some cases of startup hang
  • Linux
    • Bug 9150: Make RPATH unavailable on Tor binary.

The list of frequently encountered known issues is also available in our bug tracker.

I assume it is a bug.

My reasoning: The TorBrowser as a whole doesn't update automagically, but merely informs the user about updates. This leads the user to believe it'd be a project-wide policy not to auto-update (which is the right thing to do by the way; please refer to the "uplink" feature in "I, Robot" (Will Smith) for the details).

I honestly can't imagine that TBB developers want to have such inconsistent behaviour (no auto-update for browser versus auto-update for add-ons) in their project.

So, feel free to be the first one to file the bug report!

Such is how it would seem to me as well.

Now the question is: How much concern is warranted over this behavior of TorBrowser, i.e., automatically updating addons?

Is some immediate action on the part of the Tor Project warranted?

TorBrowser doesn't update automatically because automatic updating like Firefox isn't a trivial feature to write for the number of programmers Tor has. There was a time TBB didn't even check if there was a new version like it does now even though that is significantly less work.

While updating automatically does allow for certain attacks (and assumes that the Tor developers will remain trustworthy,) for the vast majority of users it significantly reduces the amount of time after an update is published that it gets deployed on their machine.

Can someone from the TBB developers confirm that autoupdate add-ons is wrong please?

My version of NoScript is now 2.6.8.43. I deactivated autoupdate; I guess reinstalling TBB is the right thing?! Thanks

Anonymous

September 28, 2014

I like to let my fixed IP in tor version 3.66.

need 1 ip is clear that it is not mine but that is FIXED in BRAZIL.

I can not in this version.

the game I play I can not ta turning the changing world of IP that almost denounces me..

there help me please..

Sounds like you want to get one of those VPN providers or something that offer that service. Their anonymity promises are snakeoil, but I imagine if they promise to route you through Brazil they probably do.

Anonymous

September 29, 2014

Sync freezes on 366. If I use the "replace local" option in the advanced options box I can't close the dialog box. If I check the "merge" radio button, the dialog box closes but no action is performed when I try to go on. It worked fine as of 365. Thanks.

Seems to be a bug. For now the solution is to enter about:config, find the preference security.nocertdb and change it to false. Then you have to close and restart the Tor Browser and you should be able to sync.

Anonymous

September 29, 2014

Can you disguise the "TorBrowser" title? As anyone can become suspicious when they see that instead of a standard "Firefox" title. Making us vulnerable to prying eyes!

Unfortunately, Firefox's legal team would have a problem with that. If you modify the Firefox source (which Tor Browser does), you can't legally use Firefox trademarks (like the name, logo, etc.).

Hello, I would also like to ask this question.
@devs: There is no longer an easy way to check the content (images, scripts etc.) of a page. Maybe with the debug tools. But there is no overview as far as I know.
Is this due to security reasons? And is it possible to enable the tab in about:config or so?

Same here "Change Master password" button is greyed out and when I try to add a password I get "unable to change password" popup...

Anonymous

September 30, 2014

Yeah :D

Anonymous

September 30, 2014

Just wondering, are there any plans to release binary diffs in the future?
Considering all the work that goes into deterministic builds, all that minimization of so much extraneous data sounds (to a layman) like it could be tight.

Anonymous

September 30, 2014

Hi All,

I can not login to badoo.com
Even with the link in the registration email not working.
Any ideas?
Thank you

Anonymous

September 30, 2014

I've noticed an issue on Comcast and I was wondering if anyone else has. When going to totally legal and legit sites using Comcast lately (last 3 days about), unless I use obfs3, the sites keep on timing out and Firefox keeps on refusing to go to the websites.
I thought that this was an issue with the TOR Browser until enabling that and then it was like "What the hell is Comcast doing?"

Anonymous

October 01, 2014

Have an unusual error here. Quite by accident, may not.
Using Tor years with Debian on some computers. All fine, no problems. Almost with javascript off.
With releasing Tor Browser 3.6.6 I installed it on a nearly new computer with Windows.
Windows was working fine - before this.
Surfing some time with javascript on then shutting down Windows.
Next try to start computer was a surprise.
HDD is "ill". Boot is running moments before uefi-bios starts HDD. Then comp hangs + no other device can boot + no entry in bios. HDD seems very healthy (S.M.A.R.T, manufacturer test software). Windows repair disc cannot repair and cannot find installed Windows.
When pull sata plug from HDD I can enter bios and boot normally, Windows from HDD too. With sata plug in machine it's hanging.
I've never had any strange error especially like this.

Anonymous

October 02, 2014

Would really appreciate some instructions for setting up and running Vidalia with TBB 3.6.6. It worked perfectly with the previous version of TBB, but now it asks for a password, and if I hit the reset button in vidalia, then vidalia works, but TBB doesn't.

I suspect there is a difference in port settings between Vidalia and TBB 3.6.6. Where are the ports used by TBB documented?

Also, my AVG antivirus keeps alerting on this version of TBB, but has never done so on previous versions. Makes me nervous.

I don't think that there are any changes between 3.6.6 and 3.6.5 that should affect Vidalia; of course Tor Browser no longer supports Vidalia and using Vidalia with Tor Browser might end up with undesired behavior.

Also, what's the exact complaint by your antivirus? Modern antivirus software uses several different techniques to identify potential threats, some of which produce false positives. It doesn't help that there are some individuals that use Tor for nefarious purposes, possibly getting it added to some malware lists.

Anonymous

October 03, 2014

3.6.6 is terribly slow at loading web pages. Please make available the 3.6.5 version for download

3.6.5 shouldn't be any faster than 3.6.6 unless it's related to Firefox itself; are you sure it isn't either server side or some other change with your computer? I haven't noticed any differences.

If you downgrade, you're potentially opening yourself up to more bugs that could be used to identify you.

Anonymous

October 03, 2014

This version breaks the find (ctrl + F) feature in TorBrowser for me, Windows 7. Can anyone confirm?

Anonymous

October 06, 2014

The 3.6.6 (GNU/Linux 64-bit) version takes a very long time to connect to the network and then equally long times to load websites, which makes this version completely unusable. Can you please allow the download of version 3.6.5?

Anonymous

October 08, 2014

Is there a reason why the use of master password is disabled or is this a bug?

Anonymous

October 18, 2014

I am giving Tor 24 hours....! To fix all bugs...! Otherwise I will access ...it is a take over...!