Tor Browser 4.5.2 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.5.2 provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.9, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.

Here is the complete changelog since 4.5.1:

  • All Platforms
    • Update Tor to 0.2.6.9
    • Update OpenSSL to 1.0.1n
    • Update HTTPS-Everywhere to 5.0.5
    • Update NoScript to 2.6.9.26
    • Update Torbutton to 1.9.2.6
      • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
      • Bug 14429: Make sure the automatic resizing is disabled
      • Translation updates
    • Bug 16130: Defend against logjam attack
    • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
  • Linux
    • Bug 16026: Fix crash in GStreamer
    • Bug 16083: Update comment in start-tor-browser

"If a command is found but is not executable, the return status is 126." For some reason you need to do a chmod +x on the file first. How and where (file system) did you extract the .tar.xz in the first place? What are the permissions of the script after extraction in your case?

Anonymous

June 16, 2015

Permalink

Downloaded this update multiple times, crashes immediately on launch, says to send the tor log, but the log is completely empty. This is 64-bit Mac OS X version.

Anonymous

June 16, 2015

Permalink

error ssleay32.dll tor missing file / bad install...avg error.

did a "restore" through avg after some fiddling and it "solved" it; but I'm not convinced currently. Gonna hit 4.5.1 for now.

4.5.1 is bringing up the error now too...

Anonymous

June 17, 2015

In reply to by Anonymous (not verified)

Permalink

Tor Browser doesn't have issues with Google recaptcha, Google recaptcha has issues with Tor Browser, or more specifically an issue with clients without javascript enabled.

Anonymous

June 17, 2015

Permalink

Please, give me a link to download last version of the previous branch (4.0.8) for Windows (.exe) and its signature (.asc). Directory https://www.torproject.org/dist/torbrowser/4.0.8/ is gone and there is no trace available on the Internet. I need to use torbrowser with HTTP proxy. New versions 4.5.x do not support this.

Update. I managed to find torbrowser-install-4.0.8_en-US.exe. If someone has PGP signature for this file (contents of .asc), please post it here for sure that the file is not trojaned.

torbrowser-install-4.0.8_en-US.exe.asc

  1. <br />
  2. -----BEGIN PGP SIGNATURE-----</p>
  3. <p>iQIcBAABCgAGBQJVJrogAAoJEC4axo7UCBTgqHMQAL0P6KZCUOtL57/JaPUTQM/A<br />
  4. FfZUBLHNTnh7Q7s77BaMSNUVQyZ/jBmbt+UwNZoGyLlOFhr+yBOcTmJVUlixZklF<br />
  5. nh8wEnY2/nNHrrd5l8Tzrp8XNYqfLgrCcohSNy9f768h831ffvE0uIkRDxLhm4e1<br />
  6. tABBPMPtYW9GO+hF7Un8CeILARPfYsPDErRJeBv3X6cfuYkC60MqpXyg/zXl897x<br />
  7. ItA9E6n0IP3n6UbAL4PceRAt1gh/PLY3BW7m3icVSlyWN6BkuyYWeqS7z8Lz4kWC<br />
  8. aJHA7aXqQAbuM4NgPEBgHcHmt3RyeUyGTLsFuPRuEA8cnAFpNvIS86oGrxqZJ6gc<br />
  9. IRQMEFO7OxGn5Vuy4NRYKz7WpFnX4FtCzmRR8rRrhE/h59+9yishUtS+NPXy2kQO<br />
  10. x0nnOSxGz1flPl276VBdNbSdXQFmslntpFV+dI5cpe+j+2AQruzWA6fR7NYZNnJs<br />
  11. dd3zyafspKQLAQxXsRyeR25iWjMafUYC49ouF52PsmajICSX02MfEFl1KQF6xAgA<br />
  12. i2ER3X++5N+ep8WImv8IcRde6Rfq0K03GiNzMVstpuw3tsQSQl0MYVhTwSNV8Q8t<br />
  13. Jit4AYDvRQ/QiZx03s2JTng4TUIL8e0u3SiybOXZUmeiFQQl9jJJicVzk4UDo9gS<br />
  14. WwZA7LxoopPxyr1g0OLo<br />
  15. =qd41<br />
  16. -----END PGP SIGNATURE-----<br />

Anonymous

June 17, 2015

Permalink

Tor Browser versions 4.5.2 & 4.5.1 for OS X are working usually fine.

But Tor Browser is actually crashing already for a long time on some webpages.
Tried to reproduce this again with the 4.5.2 version on this news page form dr.Web antivirus company, where this problem almost always is happening.

https://news.drweb.com/show/review/?lng=en&i=9461

Trying to directly print this page as a file, not using the preview option, results in a complete browser crash almost every time.
The crashes are not happening when I completely disable the page css, but you need to install an extra browser extension for that to accomplish printing without css lay out.
This crash was without any extra browser extension so it could not be addressed to that.

A very little piece of the crash report.

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000…….
Crashed Thread: 0 Dispatch queue: com.apple.main-thread

The Dr. web site is only one of the sites thats causing a complete crash on printing as a file.
Now is this a Tor Browser problem or a very smart or bad webdesigned (css) way to prevent visitors printing a page?

I did not mention this before because it's only happening on some webpages.

Hi GK,

I did not test it yet on OS X 10.10 Yosemite but the crashes on the page mentioned are happening in two older different OS X versions.

Got another crash one, different OS X system

Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000…….

Anyway, I figured out that it probably has something to do with the NoScript settings after I did bring the Torbutton slider to the security setting 'Very Much Higher'.
Now, because you do not have the spec for that (yet ;), where can I upload that particular "Very Much Higher" Noscript config?
Pasting the exported specific NoScript settings as plain text would take too much space here.
Also images can say more then a thousand words but there's not an upload function for that (?).

The crash procedure is quite simple.
Visit the particular page of Dr.Web
https://news.drweb.com/show/review/?lng=en&i=9461
Do not allowing javascripts, give a printing command (cmd P), window appears, take in the left corner below the pdf button and choose under the arrow the hidden menu the option "Safe as pdf" , choose a location for storing the file, enter, wait a moment, swoosh there vanishes your browser.

I did also change the page lay out settings a bit, I don't like the url on the right side because a lot of times it's leaving the page and therefore not to use afterwards, so I put it on the left side. Did remove the printing date as well.

I really do think it has something to do with these manual extra secure NoScript settings, I'll try to reproduce this later on OS X Yosemite 10.10 as well.

Hi again GK,

Tested the print crash problem on another machine with OS X 10.10.3 Yosemite and Tor Browser 4.5.2 (3100.1.1) X86-64 (Native).
It gave another crash again on the particular dr. Web sitepage.

Part of the crash report again :

Crashed Thread:        0  Dispatch queue: com.apple.main-thread
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000……(some more numbers and letters)..

VM Regions Near …….:
    VM_ALLOCATE            …(some more numbers and letters)... [ 2824K] rw-/rwx SM=PRV  
-->
    VM_ALLOCATE            …(some more numbers and letters).. [ 1024K] rw-/rwx SM=PRV  

Extra note is that this problem exist on other websites as well (not a majority) but I just could remember this site doing this.
It seems OS X version independent, I tested it now several times with different Mac’s and different OS X versions, from the oldest supported X (by Torproject) to the newest OS.

Maybe you can reproduce this problem by setting NoScript almost as strict one can do, or otherwise just let me know where to paste an example of the used NoScript settings for this Crash matter.

If this is related to a NoScript setting could you try to isolate that one? I tried to follow your steps with the security slider set to "High" on an old OS X system (10.6.8) but I did not get to crash my Tor Browser. Opening a bug on https://bugs.torproject.org might be a good way as well to track this issue further down.

Anonymous

June 17, 2015

Permalink

Unable to expand the TOP browser window. (Version 4.5.2 Windows 8.1) I could not find any options to correct this problem. Please help.

Anonymous

June 17, 2015

Permalink

AVG 2015 detects "tor.exe" for the "tor 4.5.2" as a threat and don't give any other option than deleting :(

Anonymous

June 17, 2015

Permalink

Unable to expand the TOR browser window after update to version 4.5.2 (Windows 8.1, Windows 10, FullHD 1920x1080) I could not find any options to correct this problem. The problem occurs immediately after you make any change in your browser settings. The same problem also occur in version 5.0a2. Please help.

Be very sure you know exactly what your asking; Tor Browser is moving towards set browser window sizes for a reason! You're opening yourself up to browser fingerprinting.

Anonymous

June 17, 2015

Permalink

Why do you not all work on the Tor Project Browser? That way, we can keep releasing new version so much faster. You are all lazy punks, posting comments and wasting time. Go sign up and volunteer to work on this project, or else...

Or else Astoria will reign supreme!!!!!!!!!!!!!!!!!! HWAHAHAHAHA!

Anonymous

June 17, 2015

Permalink

Whenever I search a term using the right click->"Search for *", it goes to the disconnect search page and NoScript gives error "NoScript filtered a potential cross-site scripting (XSS) attempt from [chrome]. Technical details have been logged ..." How would I go by searching like this without disabling NoScript/temporarily allowing scripts?

By the way, there's a extra word typo and it says "Search Search for * instead, not sure if Tor devs should fix it or report it Mozilla.

The "Search Search" is coming from the fact the we are using "Search" instead of "Disconnect" as our search engine name as users might get the feeling they are disconnecting from the Tor network with the search bar otherwise. Seems we can't win here. :/

I need to investigate the XSS warnings. Maybe Disconnect or we can do something about them. I've created https://bugs.torproject.org/16425 for it.

Anonymous

June 17, 2015

Permalink

SERIOUS: I was using TBB for like an hour and then i visited ipcheck.info and it said that I was not using TOR and it could uniquely identify me!

Your IP:

213.61.149.100 (Proxy)
Cache (E-Tags) -> produced a number
HTTP session - > unlimited
Referrer: shown

and various other factors of identification! Why has this happened??

Anonymous

June 17, 2015

Permalink

Potential bug: I set NoScript to disallow all scripts globally, however if I set the tor button security setting to "Medium-High" it overrides the NoScript setting and allows scripts. This is pretty confusing.

This is a actually a feature to avoid people shooting themselves in the foot by having different configuration settings. We provide four different security levels which govern JavaScript settings as well in a less-fingerprintable way.

Ok, this is alright if it's by design. The confusing part was, that it won't allow me to setup a more restrictive setting for NoScript. Now, that I know this, it's okay. Thank you for your effort!

Anonymous

June 18, 2015

Permalink

I also have AVG detecting an unknown threat in the update. What do I do now? I'm using Windows 8.1.

Anonymous

June 21, 2015

Permalink

tor very great
tor browser vulnerable to hacking,man-in-the-middle-attacks,viruses,spyware,etc
tor browser secure
thanks tor project to securing tor browser

Anonymous

June 24, 2015

In reply to by Anonymous (not verified)

Permalink

"In present you can use Vidalia for a similar feature.If you want."

Right.
And the user can set HIS prefered entry,directory guards from the relay list in Vidalia. It would be really WORSE + a problem if TAILS denies custom entry.
The possibility to make custom entry persistent on DVD/USB woud be nice,too.

Anonymous

June 22, 2015

Permalink

Somehow, with the new 4.5.2 on Win7 64, Tor suddenly will NOT start at all.
I also tried the 5.0a2, which did the same. Older versions of Tor still work on my system.

Do you get error messages? What does "NOT start at all" mean? You don't see any Tor Browser configuration dialog? Or just the browser is not showing up? Do you have an Antivirus program running? If so, which one?

Anonymous

June 23, 2015

Permalink

Bridges do NOT work in this version of TBB for Linux. Whether obfs3 or obfs4, default bridges or manually entered, Tor will not be able to connect. You can only connect if you don't use bridges. Fix this, please.

Anonymous

June 24, 2015

Permalink

Hi Mr. Perry
I'm a Windows 7 user and have been using Tor Browser for the past 5-6 years on both Windows XP & 7 successfully . In fact Tor has been working flawlessly for me up to the last 10 days . I have not been able to connect to Tor since then . I continuously get the message " no route to host ***.***.***.***:*** ".
The problem,in my opinion,started with version 4.5 and on later .
I have been getting bridges that resulted in the same result : no route to host .
In the meantime , I have been able to connect to FREEGATE software easily which IT SAYS "CONNECTED TO 7 SERVERS".
A few hours ago I got three more obfs3 bridges and I'm now connected to Tor and posting this message (comment ) .
By the way , I'm in Iran .
It seems that the censors have found a way to block Tor in Iran .
Please investigate my comments and try to find out a solution to the problem for the Iranians.
I don't know whether it's relevant or not :
I opened regular Firefox and after a minute or so I opened Tor Browser connect page and after 4 to 5 minutes I got connected . I did the same with other browsers and even when Freegate software was running and I could not get connected to Tor.
I'm anxiously awaiting for your new and improved Tor Browser .

Anonymous

June 28, 2015

Permalink

I still have Chatzilla problem on Linux, when connecting: "error creating socket".
I added SocksPort 8150 NoIsolateSOCKSAuth below SocksPort 9150 in torrc-defaults

What do i put in Chatzilla >> Preferences >> Global Settings >> Proxy Type: ?

Neither of http://chatzilla.hacksrus.com/faq/#proxy settins works