Tor Browser 5.0.3 is released

A new stable release for Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

We fixed a number of regressions from our switch to ESR 38 back in August and reduced keyboard layout fingerprinting to mention just some highlights.

These and all the other changes can be found in the complete changelog since 5.0.2:

  • All Platforms
    • Update Firefox to 38.3.0esr
    • Update Torbutton to 1.9.3.4
      • Bug 16887: Update intl.accept_languages value
      • Bug 15493: Update circuit display on new circuit info
      • Bug 16797: brandShorterName is missing from brand.properties
      • Bug 14429: Make sure the automatic resizing is disabled
      • Translation updates
    • Bug 7446: Tor Browser should not "fix up" .onion domains (or any domains)
    • Bug 16837: Disable Firefox Hotfix updates
    • Bug 16855: Allow blobs to be downloaded on first-party pages (fixes mega.nz)
    • Bug 16781: Allow saving pdf files in built-in pdf viewer
    • Bug 16842: Restore Media tab on Page information dialog
    • Bug 16727: Disable about:healthreport page
    • Bug 16783: Normalize NoScript default whitelist
    • Bug 16775: Fix preferences dialog with security slider set to "High"
    • Bug 13579: Update download progress bar automatically
    • Bug 15646: Reduce keyboard layout fingerprinting in KeyboardEvent
    • Bug 17046: Event.timeStamp should not reveal startup time
    • Bug 16872: Fix warnings when opening about:downloads
    • Bug 17097: Fix intermittent crashes when using the print dialog
  • Windows
    • Bug 16906: Fix Mingw-w64 compilation breakage
  • OS X
    • Bug 16910: Update copyright year in OS X bundles
Anonymous

September 22, 2015

Permalink

Please help me, After My Tor Browser updated to 5.0.3 but my antivirus "Panda" deleted it. I lost all of my bridges and conditions.

Just started with TOR browser. Now that it's activated and protected, I want to use it privately, so that when another machine user is on (who can get in my identity) to check where I went online, needs to be deleted without a trace back. How do I ensure that I have cleared out any cookies or otherwise to identify which web sites I am on?
I know how to use programs but am not into code very well or IT stuff. Any clues how to clean out Tor's records of websites visited?

Anonymous

September 22, 2015

Permalink

I want to restore crashed sessions, and (better) be able to keep all open tabs when I close/open the Tor Browser.
Because of the lack of this things, I have using the old 3.5 version of TorBundle instead of new versions. Yes, this insecure, but I NEED TO KEEP the TABS session!

Hello, for that you should at least deactivate "Don't record browsing history or website data (enables Private Browsing Mode)" in your "Privacy and Security Settings".

Anonymous

September 22, 2015

Permalink

FIRST!
Oh wait this isn't YouTube
anyway, good update.
I've been waiting for GK to write this blog post
I knew there was Tor Browser 5.0.3 from Tails 1.6.0

Anonymous

September 23, 2015

Permalink

thanks

i would be great if Tor team make an application like :what's up ,Telegram and etc which works Anonymous

android applications are more practical and more effective.

Telegram is transfering their servers to iran

Anonymous

September 23, 2015

Permalink

Thank you very much for restoring sync!! It was a real pain to manually export and import bookmarks every day.

You're not going to get a consensus on what nodes to block, other than those nodes that tor blocks by itself. Not everyone has the same threat model and concerns you do.

Anonymous

September 23, 2015

Permalink

The Settings page now works as expected in High Security Mode. Thanks a lot for fixing this!

Anonymous

September 23, 2015

Permalink

When updating from within the Tor browser, rather than downloading again and comparing sig file, how safe is this from MMTM attack?

Pretty safe as the update files are signed with a key. Thus, assuming you meant a MITM attack, even if an attacker could be in the middle (which is not easy given we pin the certificate) they would still need to figure out how to get around the signature feature. Tor Browser won't accept update files with a wrong signature.

Good question! I avoid attacks in this way:
1. Manually download corresponding .MAR file from Torproject.org distribution directory
2. Download and update Tor Browser with it's updater., But don't restart!
3. Compare checksums of downloaded MAR file with MAR file located in Tor Browser\Browser\TorBrowser\Data\Browser\Caches\Tor Browser\Browser\updates\0
4. If the checkums are exact, then the Browser is updated with the same MAR file that are distributed by Torproject. The MAR also is determenistic built, it means everyone with right tools and skills can recreate the exact file from source code.

Anonymous

September 23, 2015

Permalink

thanks for a great release! it is excellent to see how quickly the TBB team has 'caught up' with the firefox release cycle. auto-updating both firefox and TBB on the same day makes me happy.

Anonymous

September 23, 2015

Permalink

Last night it was no problem to use mail2tor. But today the link (.onion) doesn't work. Is there a problem? Although I updated the Tor Browser to 5.0.3. I don't think that should be a problem. Can anyone say something useful about this?

Mailt2Tor onion address doesn't work for me neither atm. Anyway this isn't torproject side, and you should contact Mail2Tor admins to get better info.

Anonymous

September 23, 2015

Permalink

Some porno sites are incompatible with Tor...why? Html 5? Flash? Help me!

Anonymous

September 24, 2015

Permalink

After upgrading to 5.0.3., i always get the same entry node (same ip), even if i restart tbb and/or computer. When i redownload and verify new tbb and launch it, i get a new entry node but then that one stays the same again, even if i relaunch it again.
Is this ok?

Interesting about guards. I hadn't sufficiently taken the implications in myself.

A question: If the guard is being surveilled by the NSA, like Sebastian Hahn's is/was in Germany, what can the NSA actually learn as opposed to what they could learn if they ran the guard themselves?

Anonymous

September 24, 2015

Permalink

Meek runners like google have the history of working with NSA revealing by E.Snowden. If one connects to one of their server the IP maybe loged, it also logs how many times user uses their Meek every day, then can tell how you love Tor and how important your data is, why they don't send the logs to Chinese government if they want to earn more the Chinese money. Yes, government and runners work together, much easier to know you data.

recently, Meek is very easy to build the connection, that is never happen before, when the obfs3/4 isn't.

If the cloud provider(s) running the current meek entry points are adversaries in your model, don't use meek. I'm not sure what more there is to say about this. Yes it's bad that people are in bed with various governments? It is, but I don't know what people expect should happen here? Not offering meek?

Anonymous

September 25, 2015

Permalink

Sometimes, when pressing the Torbutton, the circuit view showing the three nodes isn't there. This also happened haphazardly in the previous versions. Is this a known issue? I couldn't find anything definitive on it.

Anonymous

September 25, 2015

Permalink

After upgrading to Tor Browser 5.0.3, the tor button will not show the route of the network (those three green dots). Is this feature removed in 5.0.3?

Anonymous

September 25, 2015

Permalink

I'm using Windows. I downloaded TBB 5.0.3. After the update, two Https Everywhere addons appeared in the addons manager. This is the first time I can recall this ever happening. Do I just uninstall the oldest version? http://prntscr.com/8kc1bi

Anonymous

September 25, 2015

Permalink

This may have been mentioned previously, but on Win7 64bit, whenever TorBrowser is maximized it freezes the PC temporarily and occasionally causes aero to turn off. It seems rather than maximizing correctly, it creates a much larger, un-maximized version of itself, far larger than the actual screen (1080p).

Anonymous

September 25, 2015

Permalink

To clarify the maximized TorBrowser issue, this occurs only when setting the browser to display tabs from the previous session, and it's a 20+ tab session.

Anonymous

September 27, 2015

Permalink

download does not work at https://openload.co

{"status":403,"msg":"download ISP is different to request ISP. request: AS249xx download: AS161xx"}

in the last version of tor same problem

Anonymous

September 28, 2015

Permalink

hi,

i am unable to get tor-browser-linux64-5.0.3_en-US.tar.xz to work on openbsd.

can someone help me please?

This is #10763/#14942 in our bugtracker. So, there is no known fix for this issue available yet.

Hi gk:

Perhaps Tor developers would like to co-operate with the people who are porting Tor Browser Bundle to OpenBSD.

The latter's project is to be found at: https://github.com/torbsd/openbsd-ports

If you read the contents (of that web page) carefully, you won't want to use TBB offered (on that web page) because:

A. The version is 4.5.3 whereas the official TBB's version is 5.0.3
B. A warning that the TBB offered on that web page is experimental
C. It is not officially supported by The Tor Project

On a different note, I'm puzzled that the writer of the web page complained about This is because the Tor project chooses not to make source tarballs easily available for anything except tor itself (their gitian-based build process does not require them).

I wonder what Tor developers have to say about the writer's complaint.

Anonymous

September 28, 2015

Permalink

I am new on TOR and I am currently using version 5.0.3 TB and thank you for all the work already done.

What would be great:
- It would be to have a secure page translator and configured in TB ...
- It would be to have a secure, configured Meta search engine..

For cons, I'm surprised because I am an online browser security test site different and advice me to install a firewall for protection because a lot of ports are open !!!

The Windows firewall is not enough?

Anonymous

September 30, 2015

Permalink

Running 5.0.3 64bit on slackware it reports as 5.0.2 and "out of date" verified its sigs which report all good?

Anonymous

September 30, 2015

Permalink

Scrap that last, I just removed the dir and re extracted and its all good.
however, I never used to have to do this, just been extracting over exisiting has always worked till now!