Tor Browser 6.0.1 is released

Tor Browser 6.0.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 6.0.1 is the first point release in our 6.0 series. It updates Firefox to 45.2.0esr, contains fixes for two crash bugs and does not ship the loop extension anymore.

Update (June, 8, 12:28 UTC): We just found out that our incremental updates for Windows users were not working. After a short investigation this issue could get resolved and incremental updates are working again. One of the unfortunate side effects of this bug was that all users upgrading from 6.0 got the English 6.0.1 version. The safest way to get a properly localized Tor Browser again is to download it from our homepage. We are sorry for any inconvenience due to this.

Update 2 (June, 10, 9:17 UTC): Linux users that hit serious performance regressions with Tor Browser 6.x might want to try setting gfx.xrender.enabled to false. For a detailed discussion of this problem see bug 19267.

Update 3 (June, 10, 9:22 UTC): We plan to post instructions for removing the OS X code signing parts on our website soon. This should make it easier to compare the OS X bundles we build with the actual bundles we ship.

Update 4 (June, 15, 8:34 UTC): There are a number of users reporting crashes on mega.nz and Facebook. We are still investigating this bug and are working on a fix. Meanwhile there are at least two ways to avoid those crashes: 1) Using a clean new Tor Browser 6.0.1 (including a new profile) solves the problem. 2) As files cached by those websites in the Tor Browser profile are somehow related to the crashes, deleting them helps as well. See bug 19400 for more details in this regard.

Here is the full changelog since 6.0:

  • All Platforms
    • Update Firefox to 45.2.0esr
    • Bug 18884: Don't build the loop extension
    • Bug 19187: Backport fix for crash related to popup menus
    • Bug 19212: Fix crash related to network panel in developer tools
  • Linux
    • Bug 19189: Backport for working around a linker (gold) bug

It is unfortunately true that wireless keyboards, especially ones which use poorly encrypted connections, are a serious security hazard. It is also true that intelligence agencies use various esoteric techniques (some of which can be exploited by technically able amateurs) to spy even on monitors and keyboards which are connected to a computer by a wired connection. It is not an easy task for the ordinary citizen to assess the degree of risk posed to their own computer use by such nastiness.

I would not recommend that all Tor users download commercial software from an unknown source, unless it in Open Source and has been audited by respected security researchers, because this seems more likely to introduce security flaws (or even malware) than to solve a specific and known-dangerous problem.

> Will Tor or Tails use the One Time Pad Encryption methods?

But in practical terms, how would you use them?

One-time-pads are indeed unbreakable, and trivial to implement. So why doesn't everyone use them for everything? Because the key needs to be of the same length as the message, and must somehow be shared in advance, with absolute secrecy.

Modern cryptosystems use secrets (key material) which are far shorter and easier to store, transport, and hide. In almost any scenario connected with modern computing, using a modern system makes more sense than trying to use a one time pad.

If you can find a copy, I highly recommend David Kahn's classic book The Codebreakers. This should help anyone to better understand the essential problems of cryptography, which have not really changed since Alberti's time.

OTP is made for sharing a secret between 2 persons (or more with a table) _ it is a manual procedure _ not ,for tor or a server or an usb even if something, someone, somewhere tried to do the same thing by electronic process (random must be real) ; maybe in a near future it will be possible but how it could be implemented or used ; that , i do not know.

Anonymous

June 11, 2016

Permalink

I experience Tor browser crash using facebook after update. I use Debian jessy.
TB is crashing usually when I click browse button, and when I try to select image to upload it crashes, without confirmation.

Anonymous

June 11, 2016

Permalink

I too am having problems with update 6.0.1. It simply doesn't open. Running Windows 10 - 64bit. Anyone got a solution?

Anonymous

June 11, 2016

Permalink

Upgraded to 6.0.1 and now Tor simply does not run. No error message. Nothing. Running Windows 10.

Anonymous

June 11, 2016

Permalink

Ever since 6.0 came out, ip-check.info says that the "your browser profile differs from the recommended".

Even a clean install throws up red flags about my user-agent and signature upon running tests.

What gives? Is their tor profile simply not yet updated or is there something wrong with 6.0?

Anonymous

June 11, 2016

Permalink

Ip-check keeps telling me that my profile doesn't match the standard, even on a clean install, with 6.0 onwards reported as "you are using an uncommon browser identifier" and flagging my user agent as bad.

Is their info simply out of date or is something else wrong?

Anonymous

June 11, 2016

Permalink

Upgraded to 6.0.1 and now TOR will open. Running on Windows 10. Will there be a fix soon for Windows users?

Anonymous

June 11, 2016

Permalink

Don't recommend 6.01. Version 6.0 ran like a dream, 6.01 consistently crashes on certain sites.

Hopefully 6.5 better. Will try that.

Thanks! And thanks for your help. Hm, so this works for me on different 64bit Linux systems. Did you try a fresh 6.0.1 with the default settings? Do I have to be logged in? If not, just loading the URL is what I did and I downloaded the pdf successfully as well. Am I missing some steps?

EDIT: Oh, and there are links to builds in comment 9 and 10 on https://bugs.torproject.org/19400 that might help bringing some light into this issue (assuming it is related). If you could test them that would be great.

Okay, I did download another copy of tor-browser-linux64-6.0.1_en-US as suggested.
Voila! No problem at all.

I made a slight misstatement earlier -- the only change from defaults on my previous 6.0.1 installation was to specify a different download directory. I did the same thing with this one, so as far as I am aware the two installations are totally identical, configuration-wise. The old 6.0.1 fails reliably every time, the new 6.0.1 works (on the half dozen downloads I have tried).

Guessing corruption in some internal file generated during use, possible during an update (my old 6.0.1 was upgraded in place via the normal update process -- auto downloaded and applied when starting an earlier version of TB; my new 6.0.1 was a fresh, complete installation from a clean .tar.xz file). Many thanks for your work.

Hi thanks! I am the original poster.

Yes, as the other commentator said, problem is trying to open mega.nz. Even just the home page will suffice for a freeze/crash.

Seems a few of us trying to access that site.

Sorry, my fault - I neglected to say I am on a mac. I see your builds are for linux.

Anyway, I'll try a fresh reinstall for now.

Thanks again for all your help.

I reinstalled, but have the same problem. Having said that, my browser immediately included previous bookmarks - so perhaps it isnt really clean?

Other than deleting the app, is there anything else I should delete, maybe hidden, to make it a fresh install?

Thanks.

2) The second crucial bit is that one must have visited e.g. mega.nz once before the update (I guess this applies to Facebook as well but I don't have an account to verify this). "Ideally", you have mega.nz open, apply your update and visit mega.nz again and it crashes.

I did visit it before the update. I can't access it now, so can't update again that way either.

3) The problem is confined to the Tor Browser profile. More specifically, for some reason there is a https+++mega.nz folder in profile.default/storage/temporary that contains binary asmjs/moduleN files which are different between a clean new profile used to visit mega.nz once and a profile that contains them after the update. Not sure whether that difference is enough to explain the crashes (probably not) but removing https+++mega.nz solves the problem for me.

Please help: I cannot find any such folder!

Opened the Tor app to show contents. Cannot see the word 'profile', nor mega.nz. in any folder. Finder couldn't help me either. I have Tor open as I do all this.

Searched library too and mozilla folder there.

Please let me know what my file path is. Thanks.

Anonymous

June 11, 2016

Permalink

Why can I not import bank certificates in the TorBrowser, like I do in Firefox. It used to work but does not anymore. Is there a good reason?

Searching the wiki for "certificate" it seems there should be no problem with using them. Problems concern checking which are bona fide.

So why does it not work for me. I use a toshiba satellite c660d-14e under various linux distros, eg ubuntu, fedora and recently sabayon and tb 6.0.1 Problem started several versions of tor browser ago.

Anonymous

June 11, 2016

Permalink

On the previous complaints about panopticlick.eff.org ratings going higher and after several tests and hacks to figure out why this was an issue with 6 and then 6.0.1 and even 6.51a 64hard I run into the ticket mentioning this project https://browserprint.info which helped me look harder into the https-everywhere differences. Starting with 5.1.6 from 5.5.5 and looking at 6 and 6.01 I noticed it went to 5.1.9 which seemed problematic. Do not know why. Now there is a 5.1.10 which you can manually upgrade to and according to the broweseprint results it now blocks screen resolution which seems as it was a serious issue since last year. Maximizing, adjusting screen size seems to have no effect and the ratings now seem to have gone to unbelievably good.

Let's hope it is in reality no other way to identify.

Now on the following header with this crazy updating business going on and the mistake of having to go to EN or having to choose language all over again it seems as by doing so two versions of ENglish show up in the language CONTENT SETTINGS.
If you just leave en-US the score goes to the right direction. The more languages you add the better you can be identified. So stick to en-us as it appears to be the most popular

HTTP_ACCEPT Headers 12.21 4723.07 text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 gzip, deflate en-US

Time to depart from my beloved trusty 5.5.5 and onto 6.51-64-h

I recommend leaving the update option for the user to REALLY decide next.

Anonymous

June 11, 2016

Permalink

Ever since the new TBB 6.0.1 (Windows) update, pictures such as avatars don't show anymore on twitter apps.

Anonymous

June 11, 2016

Permalink

After a failed incremental update to 6.01, "a properly localized English full version" for windows 10 Tor Browser is not starting.

Anonymous

June 11, 2016

Permalink

TOR updates even when updates are shut off in the menu. After the unauthorized update, there is no red slash across the javascript when i do a search in startpage.com or go to reddit.

Anonymous

June 11, 2016

Permalink

i use the leak test at ipcheck.info
It is Great
It shows what people can see from your browser

Anonymous

June 11, 2016

Permalink

i DL Tor file torbrowserinstall-6.5a1_en-US.exe directly from your main site and my 360 total secuirty lit up RED saying it is a virus

it says it contains a trojan virus

Trojan (HEUR/QVM20.0.0000.Malware.Gen)

would you like the file for analysis?

I downloaded the regular, non beta tor from the same page 3 minutes before and that file is clean.

Anonymous

June 11, 2016

Permalink

I have Disconnect Search set as my default search engine, but when I search, it uses DuckDuckGo. Can I prevent this?

Thanks for replying!

Same problem as another poster above here on 6.0.1 on website mega.nz. I use it for my artistic projects/collaborations. Freezes and causes Tor to crash - every single time.

Same issue with 6.5a1.

Thank you for all your amazing efforts!

Okay, copying some of my questions from above:

Did you try a fresh 6.0.1 with the default settings? Do I have to be logged in to see the crash? And to be sure, 6.0 is working for you, right? (https://dist.torproject.org/torbrowser/6.0/)

Oh, and there are links to builds in comment 9 and 10 on https://bugs.torproject.org/19400 that might help bringing some light into this issue (assuming it is related). If you could test them that would be great.

Anonymous

June 12, 2016

Permalink

i can t open the website mega.nz anymore... Tor froze and need to be closed... happens once in facebook page... but in mega.nz 100% of the time Tor froze...