Tor Browser 6.0.1 is released

Tor Browser 6.0.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 6.0.1 is the first point release in our 6.0 series. It updates Firefox to 45.2.0esr, contains fixes for two crash bugs and does not ship the loop extension anymore.

Update (June, 8, 12:28 UTC): We just found out that our incremental updates for Windows users were not working. After a short investigation this issue could get resolved and incremental updates are working again. One of the unfortunate side effects of this bug was that all users upgrading from 6.0 got the English 6.0.1 version. The safest way to get a properly localized Tor Browser again is to download it from our homepage. We are sorry for any inconvenience due to this.

Update 2 (June, 10, 9:17 UTC): Linux users that hit serious performance regressions with Tor Browser 6.x might want to try setting gfx.xrender.enabled to false. For a detailed discussion of this problem see bug 19267.

Update 3 (June, 10, 9:22 UTC): We plan to post instructions for removing the OS X code signing parts on our website soon. This should make it easier to compare the OS X bundles we build with the actual bundles we ship.

Update 4 (June, 15, 8:34 UTC): There are a number of users reporting crashes on mega.nz and Facebook. We are still investigating this bug and are working on a fix. Meanwhile there are at least two ways to avoid those crashes: 1) Using a clean new Tor Browser 6.0.1 (including a new profile) solves the problem. 2) As files cached by those websites in the Tor Browser profile are somehow related to the crashes, deleting them helps as well. See bug 19400 for more details in this regard.

Here is the full changelog since 6.0:

  • All Platforms
    • Update Firefox to 45.2.0esr
    • Bug 18884: Don't build the loop extension
    • Bug 19187: Backport fix for crash related to popup menus
    • Bug 19212: Fix crash related to network panel in developer tools
  • Linux
    • Bug 19189: Backport for working around a linker (gold) bug

I copied and pasted things on Facebook's front page several times using the onion service on a Debian testing system. No luck in reproducing your problem. Can you give me steps to do so? Even better, do you feel comfortable trying to capture a stack trace of the crash? If so, could you open a ticket on our bug tracker and we can get the technical discussion going there? Thanks for you help!

Hi, I experience the same thing after update. I use Debian jessy. I am novice in linux,
can you tell me where to lock for log files?
TB is crashing usually when I click browse button, and when I try to select image to upload it crashes, without confirmation.

happens to me all the time, trying to write something, opening people's pages doing anything other than scrolling through the newsfeed. It is doing my head in. Using Yosemite 10.10.5

We are still investigating the problem (see: https://trac.torproject.org/projects/tor/ticket/19400). An easy workaround is using a clean, new Tor Browser 6.0.1. See: https://trac.torproject.org/projects/tor/ticket/19400#comment:16 point 3) or https://trac.torproject.org/projects/tor/ticket/19400#comment:22 ff. for just removing the offending files in your profile as another way to solve the issue.

Anonymous

June 08, 2016

Permalink

Noticed lately when refreshing to a new tor circuit it always returns the same United States IP as the first circuit 158.69.205.247 - why? or is this normal?

When you still have the same IP address, it may be that your connection "Tor" is no longer in the Tor network. To be safe you should test the network settings "Tor". Do you have a VPN connection to upstream installed on your host machine?

Anonymous

June 08, 2016

Permalink

Hi there,
Thanks for the update..
is the Reader-View Disabled by TBB Devz?
if (YES)!
may know why?

Thanx again..& Bye4Now

Anonymous

June 08, 2016

Permalink

Some files disappeared from my tor-browser/Browser/Downloads folder when I restarted to apply the update. I think they were downloaded between the updater downloading the update and me clicking the restart now button. Is that expected behavior?

Anonymous

June 08, 2016

Permalink

Why is it searching duck duck go when i enter the url wrong. (accidentally hit \ before enter, for example typing 'gmail.com\' will search instead of either telling me that 'gmail.com\' doesn't exist or going to gmail.com)

Because DuckDuckGo is used as the fallback search engine as long as Disconnect can't provide Google search results anymore. And entering a non-URL in the search bar and hitting enter performs a search by default.

No, if you enter other non-urls, it just says it can't connect. (Try http://asdfsa.poop/ for example, you get "Firefox can't establish a connection to the server at asdfsa.poop.") That is what I thought was the default behavior, to prevent you from accidentally searching something you specifically didn't enter into the search bar. (I know the default Firefox behavior is different.)

What I entered was a valid URL, plus a \ at the end (which isn't hard to accidentally do with the \ right by enter), and included a lot of ?blah=something-i-dont-really-want-searched stuff on the end.

Anonymous

June 08, 2016

Permalink

Hello fellow team of tor programmers, when the problem with an auto-update "kinda-thingie" will be solved? I prefer the manual update, when i can check all pgp keys...i dont know where autoupdates downloading from, neither if they're being checked by pgp keys...and it's creeping me out. Thanks for attention, and good luck, hope you'll answer. Because i can't turn it off even in the dev.mode =(

In the about:config there are various clock settings, about when tor expires, about after how long IDLE time the update takes place and also links with the keyword torproject of where updates come from. Once an auto-update takes place it tells you you need to restart for the update to go on effect, meaning NOTHING has yet changed if you haven't restarted. In the tor-browser directory you will find two folders and a file of the "update". Note also that your folder size has about doubled :) If you delete those two folders and that update file no update has gone into effect.

I do not know why this path was chosen, having an update be forced on users by so many different instructions "other than" the main setting DO NOT AUTO-UPDATE which seems irrelevant.

Numerous security problems with ff38 etc etc ...
Tor users are by default anti-authoritarian types, to have any decisions forced onto them is problematic as an approach.

Sincerely yours,
Evnomia

Anonymous

June 09, 2016

Permalink

Update ran as it always does and now TOR will not open. Using Windows 7. Worked fine until update and now doesn't work. Tried going to the 6.5a1 and it also won't open.

I click on the start Tor Browser icon and nothing happened. Deleted all previous versions, created a new folder and tried reinstalling that way - and still won't open.

Had an old 5.0.4 version in downloads and was able to get Tor working using that version.

What did you guys do? Never had any issues running Tor but now only the old version works.

Same here except running Windows 10. I reverted to 5.5.5 and it runs fine. I tried updating to 6.0 & then 6.0.1 and neither ever opened.

I opened & observed Process Explorer while trying to open 6.0.1 - PE showed TOR/Firefox.exe then after a second it showed a sub-file WerFault.exe, then the 2 files went red and closed in PE. I even tried loading with regular Firefox closed & tried deactivating anti-virus. Nothing.

Interesting ... I opened my Oracle VM and updated from 5.5.x to 6.0.1 without problem within the VM. But I still cannot get 6.0.1 to open in Windows 10.

Anonymous

June 09, 2016

Permalink

After update on 6.0.1 Tor doesn't work. I mean "The connection was reset" notice on everything - every clearnet and darknet sites

The standard sketch of a pair of onion circuits is

your-device <==> entry-node1 <==> relay-node1 <==> exit-node1 <--> nameserver

your-device <==> entry-node2 <==> relay-node2 <==> exit-node2 <--> destination

which is intended to suggest that tor circuits consist of three hops, with three well-encrypted links
<==>
but the last not-encrypted
<-->
with the exception that if your destination site supports https, the last link is also encrypted (probably not as well as the previous links however). The link to a public nameserver usually cannot be encrypted by Tor.

In a bit more detail: modern Tor uses different circuits for different domains, e.g. somesite.com, and in order to get to somesite.com, another circuit is constructed to a public nameserver, and the exit-node in that circuit looks up the IP address associated with "somesite.com", the last part of the URL you typed in Tor Browser's location pane, and then the exit-node in the original circuit connects to that IP.

It sounds like you might want an encrypted connection to the nameserver. Don't we all, but that is a problem with the infrastructure of the Internet itself, which as I understand, cannot be fixed by Tor alone.

I am only another user, not a Tor developer. No doubt someone will correct me if I got anything horribly wrong.

Anonymous

June 10, 2016

Permalink

" Sorry. You are not using Tor.

Your IP address appears to be: 2604:a880:1:20::46b:e001"

What does this mean?!

Looks like that may be the IPv6 address given to your computer by your ISP in a un-torified browser session.

Did you see this notice at check.torproject.org?

yes, i leaved a site clicking on the button "home" so i came back to the tor session and then checked it.
i was on isp _vpn_tor. .
so , it means that my session was not on tor and my vpn was cancelled by my isp without i realized it?
i disabled ipv6 but i wonder if it was a sophisticated hack or just an error.

Anonymous

June 10, 2016

Permalink

temporary file ?
unknown problem/hack/bug : june 10
seddm2xrp is a file in the the tor folder (version 6.0.1 _ linuxx64 verified-pgp) and it is the first time i see that.
what it is ?

Anonymous

June 10, 2016

Permalink

I use win 10 and tor wont open at all after updating to 6.1, is there a link to peel it back to 6.0?

Anonymous

June 10, 2016

Permalink

Haven't been able to upgrade for the past 3 releases. I've used Tor browser for years, and am *pretty sure* it's not an operator error. ;-)

I've tried 6.0, 6.0a5, and 6.0.1 - none of them start or provide any error messages either, so it's difficult to say how far they are getting.

Prior releases worked, and reverting to 5.x works.

Ubuntu 10.10 (yes, a bit old but newer versions have trouble on this Aspire One. Atom 1.66 Ghz, 512K cache, 1 GB RAM. There's plenty of available disk space, all networks are operational, Vidalia is also able to connect, etc. This is something that crept in during the transition to 6.0.x.

Ubuntu 10.10 is long out-of-date and you are vulnerable using it. We are building Tor Browser now on Debian Wheezy and that might be the reason for you having this problem.