Tor Browser 6.0.1 is released

Tor Browser 6.0.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 6.0.1 is the first point release in our 6.0 series. It updates Firefox to 45.2.0esr, contains fixes for two crash bugs and does not ship the loop extension anymore.

Update (June, 8, 12:28 UTC): We just found out that our incremental updates for Windows users were not working. After a short investigation this issue could get resolved and incremental updates are working again. One of the unfortunate side effects of this bug was that all users upgrading from 6.0 got the English 6.0.1 version. The safest way to get a properly localized Tor Browser again is to download it from our homepage. We are sorry for any inconvenience due to this.

Update 2 (June, 10, 9:17 UTC): Linux users that hit serious performance regressions with Tor Browser 6.x might want to try setting gfx.xrender.enabled to false. For a detailed discussion of this problem see bug 19267.

Update 3 (June, 10, 9:22 UTC): We plan to post instructions for removing the OS X code signing parts on our website soon. This should make it easier to compare the OS X bundles we build with the actual bundles we ship.

Update 4 (June, 15, 8:34 UTC): There are a number of users reporting crashes on mega.nz and Facebook. We are still investigating this bug and are working on a fix. Meanwhile there are at least two ways to avoid those crashes: 1) Using a clean new Tor Browser 6.0.1 (including a new profile) solves the problem. 2) As files cached by those websites in the Tor Browser profile are somehow related to the crashes, deleting them helps as well. See bug 19400 for more details in this regard.

Here is the full changelog since 6.0:

  • All Platforms
    • Update Firefox to 45.2.0esr
    • Bug 18884: Don't build the loop extension
    • Bug 19187: Backport fix for crash related to popup menus
    • Bug 19212: Fix crash related to network panel in developer tools
  • Linux
    • Bug 19189: Backport for working around a linker (gold) bug
Anonymous

June 07, 2016

Permalink

My Tor Browser changed language after the update.

Of Portuguese Portugual changed to English.

Its back to the original language without downloading the browser again?

Which operating system are you on?

EDIT: And if you click on the hamburger menu -> Add-ons -> Languages you should be able to select Portuguese again. After a restart everything should be fine.

Okay, it seems this was due to a bug in our updating infrastructure (see the note in the blog post above). As I said there, the safest way is probably to download the pt-PT browser again from our website. As an alternative you might get away with just grabbing the language pack from Mozilla directly: https://ftp.mozilla.org/pub/firefox/candidates/45.2.0esr-candidates/bui… and then you can enable it as outlined in my other reply. I have not tested that though, so no guarantees. :)

Anonymous

June 07, 2016

Permalink

:D (y)

Anonymous

June 07, 2016

Permalink

How can I stop automatic updates?

I need to download elsewhere for safety.

Please help, I am in danger because of these updates.

Go to Options (about:preferences), then to Advanced->Update->Never check for updates.
Please do not forget to update, especially if you use something dangerous like JavaScript.
Also, addons autoupdating should be turned off separately in about:addons (small cog->uncheck Update Add-ons Automatically), if that is important to you.

'Never check for updates' doesn't stop the updates.

Removing the visible update files from the package or newly externalized folder doesn't stop the updates.

Flipping bits and removing links in about:config doesn't stop the updates.

Where are the update instructions coming from? Do I need to pull some git files and remove code before packaging binaries?

Please help.

There are always a lot of posts as yours about safety during updating. Don't you know that updates are going through Tor network? Or is there another issue?

Anonymous

June 08, 2016

Permalink

This is the second update in a week, did something cause such a short amount of time to be between updates?

The first update was part of the soft-launch of 6.0: I.e. if there were serious issues with 6.0 users could still downgrade to 5.5.5 without being exposed to known Firefox vulnerabilities. 6.0.1 brings the fixes to known Firefox vulnerabilities and using 5.5.5 is not recommended anymore from now on.

Anonymous

June 08, 2016

Permalink

After the automatic update it now says "Something Went Wrong Tor is not working in the browser"

Anonymous

June 08, 2016

Permalink

On Windows all previous updates were in:
Tor Browser\Browser\TorBrowser\Data\Browser\Caches\firefox\updates\0
UPDATE TYPE partial
update.mar (~33MB) is left in this folder. (5.5.5 to 6.0)

Update from 6.0 to 6.0.1 is in:
Tor Browser\Browser\TorBrowser\UpdateInfo\updates\0
UPDATE TYPE complete

Anonymous

June 08, 2016

Permalink

once downloaded it refuses to open. Running on windows 10. opened folder and tried all exe. files and still will not run

I won't install this on Win 10 as I've not been able to see v 6.0 run myself and haven't read that anyone else has yet. Has this been made to work on Win 10 yet?

Anonymous

June 08, 2016

Permalink

Why is about:tbupdate allowed in NoScript, but the other about:* don't?

Anonymous

June 08, 2016

Permalink

I updated Tor and now it wont start! tried to delete and download again - sgtill wont start?

I'm also having the same problem. No error messages. Happens with or without anti-virus SW enabled. Actually having to go back to v. 4.5.1 to get a working tor as it's the last bundle installer I have downloaded; all versions since then have been in-browser updates. Complete removal and re-install with a freshly downloaded v. 6.0.1 does not fix the issue. This new version simply fails to start in Windows 10 Pro x64

Anonymous

June 08, 2016

Permalink

This update "Tails 2.4" solves a major security flaw regarding connections to the Tor servers. With version 2.4 beta Tails, I noted that the 9001 port was constantly blocked. Today, at the start of Tails Browser Bundle automatic update to work properly, the 9001 port is operational, it ensures proper timing of updates with firefox and core. The DomainFactory particular server (for example) properly establishes the connection on port 9001. It unfortunately remains unresolved for some DNS leakage problem. 1 month ago, I saw (ipleak.net) that 10% of Tor circuits had DNS leaks. To resolve this vulnerability I channeled my DNS server LOCALHOST that points to OpenDNS.

I assume you mean a local DNS server that points to openDNS over For. One that points straight to openDNS over the clearnet is not really any better than the default configuration.

Another way to stop leaks is
iptables -t nat -A PREROUTING --dport 53 -j REDIRECT --to-port 9053
iptables -A INPUT ! -i lo --dport 53 -j DROP
With torrc:
DNSPort 9053

Which will stop DNS leaks even when applications attempt to use their own DNS servers (for whatever reason). Check the tor Wiki for a full set of firewall rules. Tails or Whonix is still the safest way to go.

On installation I realized my test, the flow of DNS queries Tails 2.4 passes through the port 5353 (default configuration), the port 53 is not used because I installed "Tails 2.4" on a virtual machine on which I configured a network interface "NAT" (DHCP only an internal IP address available for Tails). DNS queries to "Tails 2.4" pass directly to a VPN tunnel (UDP) installed on the physical machine (localhost). The host machine is configured with DNSCrypt OpenDNS in localhost. All authentication and Commnunication with OpenDNS server are encrypted .. The virtual network adapter (physical machine) has no default gateway. The DNS server of the virtual network adapter (physical machine) is set 127.0.0.1.

This configuration offers a better guarantee to stop all DNS leaks

I am not sure that your alternative (iptables) will stop the DNS leaks.

For information here is my security configuration that I start each time you start "Tails", this configuration must be adjusted according to your needs:

# command line to detect the sending of a too large volume of TCP packets with flags
# SYN,ACK,FIN,RST
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

# scan detection and IP address blocking
/sbin/iptables -A INPUT -p tcp -m multiport --dports 20:21,22,23,25,465,587 -m recent --set --name SCANNERS --rsource -j DROP

/sbin/iptables -A INPUT -p tcp -m multiport --dports 110,137:139,143,194 -m recent --set --name SCANNERS --rsource -j DROP

/sbin/iptables -A INPUT -p tcp -m multiport --dports 9050,9051,9052,9062,9061,4101,6136 -m recent --set --name SCANNERS --rsource -j DROP

I forgot in my previous comment this line to block the IP addresses of robots scanners:

iptables -A INPUT -m recent --update --seconds 3600 --hitcount 2 --name SCANNERS --rsource --reap -j DROP

Anonymous

June 08, 2016

Permalink

Please release Tor with 64 bit Firefox ESR version for windows as soon as possible. Thanks.

NOTE: Firefox 45 (ESR) has an official 64 bit version for windows.

I have now installed the update on a virtual machine running "WIndows 10 Pro x86-64bits" (VMWARE WORKSTATION), everything works fine! I also updated a physical machine running "Windows 8.1 Pro", everything works properly! :)

Tor Browser 6.0.1, Update Firefox to 45.2.0esr
Glad to see the update "Tails 2.4" has corrected many bug !