Tor Browser 4.5a5 is released
The Tor Browser team is proud to announce the release of the fifth alpha of the 4.5 series of Tor Browser. The release is available from the extended downloads page and also from our distribution directory.
Tor Browser 4.5a5 is based on Firefox ESR 31.6.0, which features important security updates to Firefox.
We're very excited about the usability and security improvements in this release. On the usability front, we've created a FreeDesktop-compatible launcher wrapper for Linux that can be invoked from either the GUI or the shell, and we also provide Windows users with the ability to add optional Start Menu and Desktop shortcuts. The circuit usage of Tor Browser has also been improved to avoid transitioning to a new circuit for a website while it is in active use.
On the security front, the Security Slider now has full descriptions of the browser behaviors that are changed at each security level. We've also made improvements to our display resolution fingerprinting defenses to automatically resize the browser window to a 200x100 pixel multiple after resize or maximization, and to perform similar resizing for full screen HTML5 video. Finally, the Windows releases are also now signed using the hardware signing token graciously provided to us by DigiCert, so Windows users should no longer be warned about Tor Browser being downloaded from an "unknown publisher".
And those are just the highlights. The complete list of changes since the 4.5a4 release is as follows:
- All Platforms
- Update Firefox to 31.6.0esr
- Update OpenSSL to 1.0.1m
- Update Tor to 0.2.6.6
- Update NoScript to 22.214.171.124
- Update HTTPS-Everywhere to 5.0
- Update meek to 0.16
- Update Tor Launcher to 0.2.7.3
- Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
- Update Torbutton to 126.96.36.199
- Bug 9387: "Security Slider 1.0"
- Include descriptions and tooltip hints for security levels
- Notify users that the security slider exists
- Flip slider so that "low" is on the bottom
- Make use of new SVG and MathML prefs
- Bug 13766: Set a 10 minute circuit lifespan for non-content requests
- Bug 15460: Ensure FTP urls use content-window circuit isolation
- Bug 13650: Clip initial window height to 1000px
- Bug 14429: Ensure windows can only be resized to 200x100px multiples
- Bug 15334: Display Cookie Protections menu if disk records are enabled
- Bug 14324: Show HS circuit in Tor circuit display
- Bug 15086: Handle RTL text in Tor circuit display
- Bug 15085: Fix about:tor RTL text alignment problems
- Bug 10216: Add a pref to disable the local tor control port test
- Bug 14937: Show meek and flashproxy bridges in tor circuit display
- Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
- Bug 13019: Change locale hiding pref to boolean
- Bug 7255: Warn users about maximizing windows
- Bug 14631: Improve profile access error msgs (strings).
- Bug 9387: "Security Slider 1.0"
- Pluggable Transport Dependency Updates:
- Bug 15448: Use golang 1.4.2 for meek and obs4proxy
- Bug 15265: Switch go.net repo to golang.org/x/net
- Bug 14937: Hard-code meek and flashproxy node fingerprints
- Bug 10280: Improved fix to prevent loading plugins into address space
- Bug 15406: Only include addons in incremental updates if they actually update
- Bug 15029: Don't prompt to include missing plugins
- Bug 12827: Create preference to disable SVG images (for security slider)
- Bug 13548: Create preference to disable MathML (for security slider)
- Bug 14631: Improve startup error messages for filesystem permissions issues
- Bug 15482: Don't allow circuits to change while a site is in use
- Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
- Bug 12468: Only print/write log messages if launched with --debug
- Bug 3861: Begin signing Tor Browser for Windows the Windows way
- Bug 15201: Disable 'runas Administrator' codepaths in updater
- Bug 14688: Create shortcuts to desktop and start menu by default (optional)