Tor Browser 5.5.2 is released

Tor Browser 5.5.2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Users on the security level "High" or "Medium-High" were not affected by the bugs in the Graphite font rendering library.

The full changelog since 5.5.1 is:

Tor Browser 5.5.2 -- February 12 2016

  • All Platforms
    • Update Firefox to 38.6.1esr
    • Update NoScript to 2.9.0.3

let's say it that way: it's less safe. In combination with flash you are definitely leaking your real ip (confirmed with wireshark).

Using Whonix would be a solution to this problem, however, you need to have faith in the guys behind it.

k239

February 12, 2016

Permalink

There is a new bug in Tor Browser when the CloudFlare Captcha is encountered. One of the captchas requires the web site visitor to copy and past a string of code into a text box then press "verify" button, but the web page layout in this new version of Tor Browser will hide that button, which makes the verification not possible to proceed (this bug did not exist in earlier versions of Tor Browser). It is kind annoying since lots of websites demand this step to go further.

It sounds like you're confused about the CloudFlare bug where CloudFlare censors websites and requires many thousands of users to solve stupid captchas before allowing people to visit websites.

clodflare captchas never work for me, but...
try disabling stylesheet from the View menu. the button might become visible.

alternatively and much more cumbersom IMO,
menu-click near where the button had been, select "inspect element (Q)"
you might have to move around in the html code pane... until you can select the input button.
edit the style to make visible.

Cloudflare captchas actually started working for me around a week ago, with Javascript disabled. They show a bunch of pictures and say to pick out the street signs, for example. Then you have to copy & paste a code string over. This is the first time in something like a year where they are working for me. It's possible other sites continue to be broken, though.

k239

February 12, 2016

Permalink

Thanky you very much for your work!

TBB 5.5.2 version is released because of security updates. Will Tails follow suit or do users have to make do with the insecure Tails 2.0 for the time being?

Tails released an update yesterday, updating TB to 5.5.2

https://tails.boum.org/news/version_2.0.1/index.en.html

Danke funktioniert .

still wont go full screen when clicking the square

oop. Got no full-screen big since updating to 5.5.2 :(
any user prefs. in about:config trigger this? I've disabled canvas, additionally!

Setting the homepage to about:tor should help. We are working on this in https://bugs.torproject.org/16725.

thanks a lot

Thanky you very much

Thank's you have in nice cool browser is it really safe to allow script in https well good https websites.

Спасибо!

I'm still updating manually so I can verify the signature with gpg. I know the update server cert is pinned, but a compromise of that server could compromise the package. On the other hand, the tbb package is gpg signed on the developer's machine and would be immune to update server compromise, correct?

How much work would it be for the tbb developers to modify the auto updater to check the download against an embedded gpg signature?

It checks against an embedded signature. And Tor Browser refuses to apply the update if tha signature is wrong. So, even if the update server were compromised that's not enough to get our users to apply a compromised update.

You learn something new every day. Thanks!

Merci!

Thank you so much for all the work - every single day i use Tor and am thankful for it.

thanks you!

nice

thank you

anyone getting could not load xpcom when they boot up tor

Hi,

This new version added some new features which is useful. Keep up the good work. In fact it solved a problem. I was trying to download a file using Microsoft Edge browser but the URL was messed up by our local ISP. I used Tor browser and every thing worked fine.

salut

Can someone please tell me why 5.5.2 updates automatically?

Previously I was promoted to download the tar file and the signature to check with gpg.

Why the change? Shouldn't this have been announced? No everyone likes automatic downloads without knowing in advance!

Not sure what you mean but there have been no updater related changes in a while.

Did you happen to update to 5.5.2 from a really old version? I don't remember which version, but the auto updater was introduced quite a while ago. There is an about:config option to disable it, but I'm not sure if TorButton still blinks when a new tarball is available since the auto updater was enabled, so you would risk running an outdated version if you disable it.

thanks so much

veray nice

Danke !!!!

thank you

Thankfully because Tor Browser anti filter internet . this anti is great.

Hello bro!

how to change independently new circuit (TIME change)?
or auto change 3 minutes

The Tor configuration shipped with Tor Browser already changes circuit based on time (10 minutes IIRC). I would advice not changing it, but if you still want to do it read the tor manual page.

Cannot install latest Tor update. I attempt to install and I am given a error pop-up message from Windows 10 reporting I may have another copy of Firefox running.

Checked all processes and do not ever see more than the one instance running when I attempt the update. Tried several times and attempted the install later option but no luck.

Any thoughts.......

-----mikeD

For reasons unknown this morning when I started Tor per usual on Firefox the Tor update completed without reported error!

Changelog:
Tor Browser 5.5.2 -- February 12 2016
* All Platforms
* Update Firefox to 38.6.1esr
* Update NoScript to 2.9.0.3

Thanks and keep up the good work!

-----mikeD

After a fresh installation of torbrowser-install-5.5.2_en-US.exe in a new folder I get two pages at start in different tabs. The "Welcome" page and a page saying "Tor Browser has been updated".

What triggers this page with the update notification?
I would like to preclude the possibility of unknown changes after starting a new installation.

Hm... works for me. Does this happen every time you download a clean, fresh Tor Browser 5.5.2 and install it? Which Windows are you using?

The page gets loaded if the browser is detecting a new Tor Browser version after an update. (at least that's the idea)

I found transferring the pref.js with my settings from the previous installation results into the additional tab with the "Tor Browser has been updated" page.
This has not occurred on any previous installation up to Torbrowser 5.5 despite using the same pref.js.

thanks

thank you very much

great job guys and what about updates for Orfox for mobile i use my Android Phone more often 4 internet , i dont need it as much as others do but i have a crappy overheating computer currently when used too much

thank you very much for your work!

good nice one