Tor Browser 4.0.8 is released
This release contains a fix for the update loop issue present in 4.0.7. It is otherwise identical to that release.
Both 4.0.7 and 4.0.8 contain an update to the included Tor software, to fix two crash bugs in the version of the Tor software included prior to 4.0.7. One crash bug affects only people using the bundled tor binary to run hidden services, and the other crash bug allows a malicious website or Tor exit node to crash the underlying tor client by inducing it to load a resource from a hidden service with a malformed descriptor. These bugs do not allow remote code execution, but because they can be used by arbitrary actors to perform a denial of service, we are issuing a security update to address them.
There will be no corresponding 4.5-alpha release for this fix, to allow us to focus on stabilizing that series for release in ~2 weeks.
Note to MacOS users: This is the last planned release that will run on 32 bit MacOS versions. Users of Mac OS 10.8 (Mountain Lion) and newer versions will be automatically updated to the 64 bit Tor Browser 4.5 when it is stabilized in April, and we expect this transition to be smooth for those users. However, the update process for 10.6 and 10.7 users will unfortunately not be automatic. For more details, see the original end-of-life blog post.
Here is the complete changelog since 4.0.6 (covering 4.0.7 and 4.0.8):
- All Platforms
- Bug 15637: Fix update loop due to improper versioning
- Update Tor to 0.2.5.12
- Update NoScript to 22.214.171.124