Tor Browser 5.5.2 is released

Tor Browser 5.5.2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Users on the security level "High" or "Medium-High" were not affected by the bugs in the Graphite font rendering library.

The full changelog since 5.5.1 is:

Tor Browser 5.5.2 -- February 12 2016

  • All Platforms
    • Update Firefox to 38.6.1esr
    • Update NoScript to 2.9.0.3
Anonymous

February 12, 2016

Permalink

Hmm, getting the error "The integrity of the update could not be verified" when I try to update. I'm on Qubes-Whonix. Tried getting a new identity, which didn't make any difference. The error shows up in 2 of my VM's, but doesn't in another. Any idea what's wrong?

Another thing you could do is checking were exactly the issue is by setting `app.update.log` in your Tor Browser to `true` and open the browser console with Ctrl + Shift + J and looking at the log output.

(I'm the person you replied to.) Qubes-Whonix is 64-bit. I restarted Tor Browser, told it again to look for updates, and that fixed it. I'm not sure why restarting Tor Browser fixed it; I've never seen that behavior before. Sadly I don't have any debug output for you.

Anonymous

February 12, 2016

Permalink

As I am new and don't know, hereby a copy of a posting to help@rt.torproject.org:

5.5.1 (based on Mozilla Firefox 38.6.0)

https://thegreateststorynevertold.tv

Safe mode:

The proxy server is refusing connections

Firefox is configured to use a proxy server that is refusing connections.

Check the proxy settings to make sure that they are correct.
Contact your network administrator to make sure the proxy server is working.
-------------

After 30 minutes trying to figure solution: http://thegreateststorynevertold.tv/portfolio/part-8-pearl-harbor/ Screen changed to:

Forbidden

You don't have permission to access /portfolio/part-8-pearl-harbor/ on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at thegreateststorynevertold.tv Port 80

Or
I get: This request has been denied for security reasons. If you believe this was in error, please contact support.

Reference #18.37535d68.1455279193.d56bd48

------------------------------

Access Denied
You don't have permission to access "http://www.lufthansa.com/us/en/Homepage?" on this server.

----------------------------

I tried to do as secure as possible. Any advise?

These websites are blocking access over Tor. Because Tor's anonymity is sometimes abused, some website operators have chosen to deny access to Tor users.

Anonymous

February 12, 2016

Permalink

مساء الخير ومشكورين على هالبرنامج

Anonymous

February 12, 2016

Permalink

getting torbutton warn "no SOCKS credentials found for current document" in browser console. proxy setting: http/https without username/password. how to fix this?

I think this message is related to Torbutton not being able to find a domain against which to perform domain isolation for the purpose of showing the tor circuit graph.

It happens because Firefox's own UI uses several windows/documents that trigger Torbutton's algorithm. Examples: about:* pages, some of the Developer Tools sometimes*.

I believe such cases are harmless and you can disregard the warning.

(*) I have also seen this: "Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]"

Anonymous

February 12, 2016

Permalink

Sorry, just sent you the log output without "setting `app.update.log` in your Tor Browser to `true`"
Where can I find: setting `app.update.log`?

Anonymous

February 12, 2016

Permalink

Добавте русский язык

Anonymous

February 12, 2016

Permalink

Thanks! Quick question: Is there a reason "Medium-High" uses click-to-play HTML5 audio/video media? I can live with Medium-High for daily use but the HTML5 media click-to-play can be a bit annoying at times

You have no clue what you're talking about
>Comparing open source to closed source
>Comparing single ffmpeg misconfiguration issue with giant attack surface of flash with hundreds of vulnerabilities
>Clearly don't understand how the tech works

Comparisons aside, his answer is correct: great increase in attack surface + bad vulnerability track record => great increase in de-anonymisation risk.

Anonymous

February 12, 2016

Permalink

Hi ,

i have a problem with firefox, i see anything this message "The proxy server is refusing connections

Firefox is configured to use a proxy server that is refusing connections.

Check the proxy settings to make sure that they are correct.
Contact your network administrator to make sure the proxy server is working."

how i can make for have Tor , before i was download this version i never have problem,

thanks & thanks for your working

Anonymous

February 12, 2016

Permalink

Why ever would anyone NOT use all maximum security settings?
Just curious...

Practicality, mostly. The maximum security setting does slow many websites down and it disables many web features. Some people (me for example) consider this too high of a price to pay.

Anonymous

February 12, 2016

Permalink

NO ENTIENTO EL LEGUAJE PERO DOY LAS GRACIAS POR TENER LA OPURTUNIDAD DE CONTAR CON ESTE POGRAMA GRACIA A USTEDE QUE ME ANDADO AMI ESTA OPORTUNIDAD ES MUY BUENO Y COMPARTIBLE CON MI NAVEGADOR MOZILLA FIREFOX

Anonymous

February 12, 2016

Permalink

nice one

Maybe it was just some corrupted download? Or maybe someone tampered with your (TLS) exit connection? Hard to tell. Keep an eye open, I suppose.

Anonymous

February 12, 2016

Permalink

Hello,
I will try and make short... I downloaded Tor few days ago, left all settings as Tor has them, did all recommended things, no tool bar stuff, no plugins, and so on. Tor's been running just fine, I use it mainly for one site that I need to log in and change pages. Today 2-12-16 Tor did auto update (5.2.2), all was fine, restarted. So here is the problem.. After I log into that site just fine, after about 5 minutes and changing a few pages on that site, the site logs me out as if the IP address/Tor network disconnected briefly. This keeps happening even after I try different Tor Circuit or New Identity.
Any recommendations would be appreciated. ( will check back later for reply) Thank you.

The site is probably expiring your session when the exit IP changes, as a security measure. Try enabling TrackHostExits in your torrc file located within the tor browser directory. Add the line

TrackHostExits 1

Anonymous

February 12, 2016

Permalink

ok

Anonymous

February 12, 2016

Permalink

thank you

Anonymous

February 12, 2016

Permalink

is it really safe to allow script in https as well as non https websites

gk pls advice and help