Tor Browser 6.0.3 is released

Tor Browser 6.0.3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 45.3.0esr. Additionally, it bumps NoScript to 2.9.0.12, HTTPS-Everywhere to 5.2.1, disables asmjs, removes meek-google and contains a few other bug fixes.

Note: Due to bug 19410, on OSX the incremental update will not be working for users who installed the previous version using the .dmg file. The internal updater should still work, though, doing a complete update.

Update (August 11, 10:04 UTC): Starting from a couple of hours ago Tor Browser users might see a notification box in their browser claiming that Firefox is too old providing a button to get a newer one. This is both due to a server-side code change on Mozilla's side and an oversight by us during the ESR45 transition. Clicking on the "Get Firefox" button is safe and leads the user to our Tor Browser download page. Needless to say, this whole behavior is highly confusing and we apologize for it. We are working on a fix as quickly as possible and hope to get Mozilla to exempt Tor Browser users from this feature while we are working on a new release. For technical details see our bug tracker.

Here is the full changelog since 6.0.2:

All Platforms
- Update Firefox to 45.3.0esr
- Update Torbutton to 1.9.5.6
  - Bug 19417: Disable asmjs for now
  - Bug 19689: Use proper parent window for plugin prompt
- Update HTTPS-Everywhere to 5.2.1
- Update NoScript to 2.9.0.12
- Bug 19715: Disable the meek-google pluggable transport option
- Bug 19714: Remove mercurius4 obfs4 bridge
- Bug 19585: Fix regression test for keyboard layout fingerprinting
- Bug 19515: Tor Browser is crashing in graphics code
- Bug 18513: Favicon requests can bypass New Identity
OS X
- Bug 19269: Icon doesn't appear in Applications folder or Dock
Android
- Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined

ok thanks

thanks

Thanks

ok . you are very execellent.

TorButton no update =(

Will 6.0.3 eventually be

Will 6.0.3 eventually be available via gettor?

Does Tor have a "do not

Does Tor have a "do not automatically install Tor updates" button?

ELC

In about:config you can set

In about:config you can set app.update.auto to false:
http://kb.mozillazine.org/App.update.auto

Actually, Tor

Actually, Tor tools>options>advanced>updates already has dashboard options available as in:

"Automatically install updates (recommended: improved security)"

"Check for updates, but let me choose whether to install them."

"Never check for updates (not recommended: security risk)"

Tor, like any other app, requires fettling to conform it to your personal requirements.

Using Tor, as is, is a poor security choice so please take the trouble to read and understand the values of all the options on offer - not only in the tools menu but also in NoScript and in Tor button.

Understand also that the Tor browser is only fully secure when accessing sites available on the Tor network and nowhere else.

Now the comment above, "...

Now the comment above, "... the Tor browser is only fully secure when accessing sites available on the Tor network and nowhere else." caught my attention like a hornet in a coke can.

I freely admit to limited understanding of Tor/anonymous nuances but that comment sounds as if I should have heard it first day in class.

How does one know if accessing a site with Tor on another network?

Said another way, if the site is on another network and not Tor's network I did think, until now, that it would be virtually impossible to pierce the Tor veil.

If you've the patience, a little dumb down would be appreciated, or point me to another source.

dontwanttocsun

If the URL ends with .onion

If the URL ends with .onion you are on the TOR network, if it ends with .com or anything other than .onion, you are exiting TOR to the regular internet.

Thank you

"mercurius4 removed" But

"mercurius4 removed"
But what about : https://trac.torproject.org/projects/tor/ticket/19690 ?

Surely you're not waiting until the last minute?

https://lists.torproject.org/

https://lists.torproject.org/pipermail/tor-project/2016-August/000612.h…

thanks!

ok thanks

thanks for instaliation

does it automatically update

does it automatically update or do I need to download it again

It should update using the

It should update using the internal updater. To make it update now, you can click on the onion and select "Check for Tor Browser Update".

need update

thanks

gracias...

Why the new TBB 6.0.3 is

Why the new TBB 6.0.3 is using
the old TorVersion Tor 0.2.7.6?

Tor 0.2.8.6 is stable?
"Tor 0.2.8.6 is the first stable version of the Tor 0.2.8 series"
https://blog.torproject.org/blog/tor-0286-released

It was too late to integrate

It was too late to integrate this new version of Tor in this release of Tor Browser. But the alpha version 6.5a2 includes Tor 0.2.8.5-rc.

thanks ! i have a question

thanks !

i have a question : is telegram desktop safe if i set it with tor ? i mean telegram desktop get tor DNS Given that there are no options in the remote DNS on it?

good

The changelog says, that

The changelog says, that NoScript was updated to 2.9.0.12. After I`ve updated (OS X) to TorBrowser 6.0.3, I`m using NoScript 2.9.0.13.

Yes, we ship 2.9.0.12 but

Yes, we ship 2.9.0.12 but while the new release got built/rolled out the author pushed 2.9.0.13 which got picked up by your Tor Browser.

Is it possible minimize Tor

Is it possible minimize Tor into the system tray?

ty

thanks

I updated TBB using the

I updated TBB using the "About Tor Brower".
Initially everything seemed alright. TBB finished updating and I restarted it.
The home page said that my TBB is ver 6.0.3.
After a while, I realized that https everywhere was gone. I checked the add-ons list and it only listed noscript, torbutton, and tor launcher.
I ended up downloading a fresh copy of TBB; now everything is okay.

Are you the same user that

Are you the same user that reported this behavior for the previous version? We have https://bugs.torproject.org/19491 and are looking for repeatable steps for your problem to look closer at it. If you have any, please share! (If you want to test, 6.0.2 can be found on https://dist.torproject.org/torbrowser/6.0.2/)

Is this correct that I'm

Is this correct that I'm uniquely fingerprintable with Medium-High security settings, because there's no font fingerprinting defense?

The slider is only concerned

The slider is only concerned with the security of your Tor Browser not with your fingerprintability, say, by examining the fonts available. That said this risk should got minimized from Tor Browser 5.5 on where we started shipping the same fonts to use (roughly) for all users of the same platform.

Does http://ip-check.info

Does http://ip-check.info lie?
Fonts 58 installed fonts have been found on your computer. bad

thanks

most superr browser

ok very good

ok
very good

I clicked Enable plugins in

I clicked Enable plugins in Add-ons Manager, then opened Privacy and Security Settings and found Disable browser plugins still selected. So are plugins enabled or disabled now?

Youtube is still unusable

Youtube is still unusable with High security settings :(

Some sites are bound to be

Some sites are bound to be unusable at High Security, as they require features that are disabled at High Security in order to function. Last I checked, Youtube didn't like that HTML5 was click to play at high security. There's some concern that a bug might allow a video to be used in an exploit, therefore HTML5 video is click to play.

Youtube JS player crashes

Youtube JS player crashes when a browser says it supports SVG, but doesn't allow to draw player's elements. Video plays automatically, though.

Do you have steps to

Do you have steps to reproduce for the crashes?

You can use youtube-dl

You can use youtube-dl software. When a video interests you, download it with this stuff, with --proxy "socks5://127.0.0.1:9150"
9150 will use your tor browser's tor. If you prefer, you can run another tor instance and use theirs port.
You can open and watch a video before it's fully downloaded, just can't seek to a time that hasn't downloaded yet
For better security you might want to use app that hooks youtube-dl and force every connection through tor, like freecap, AdvOR etc

You could try the Tor

You could try the Tor Browser in Tails at High Security setting and see if it works for you. Tor Browser in Tails runs faster ( for me ) than the same Tor Browser version for Windows. YouTube videos play much clearer and smoother in Tails than Windows, although at a lower Security setting.

Very Good Browser

Very Good
Browser

The TOR home page blog video

The TOR home page blog video "Breaking through censorship barriers, even when Tor is blocked" the web site in the video pointing to pluggable transports can't be found.

https://www.torproject.org/PT

Thank you for your diligence!

I have tried uninstalling

I have tried uninstalling and reinstalling but the new version keeps telling me firefox is not found for installation. I gone though searching my whole c drive(after making sure I have removing older copies), %appdata% threads and drives and removing or renaming directories like they recommend but nothing is working, I know firefox has released two new versions in two days but their update chart and your comment thread says everything is fine. Have you guys been getting any similar reports or is something up with my system. This is my first upgrade with you guys since being forced into win10. Thanks ahead of time, Johnny

So, you downloaded a clean

So, you downloaded a clean Tor Browser 6.0.3 on your machine, extracted it and started it? And then what happened?

Tor Browser 6.0.3 is released

Changes in version 0.4.3.1-alpha - 2020-01-22