Tor Browser 6.0.3 is released
Tor Browser 6.0.3 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
This release updates Firefox to 45.3.0esr. Additionally, it bumps NoScript to 2.9.0.12, HTTPS-Everywhere to 5.2.1, disables asmjs, removes meek-google and contains a few other bug fixes.
Note: Due to bug 19410, on OSX the incremental update will not be working for users who installed the previous version using the .dmg file. The internal updater should still work, though, doing a complete update.
Update (August 11, 10:04 UTC): Starting from a couple of hours ago Tor Browser users might see a notification box in their browser claiming that Firefox is too old providing a button to get a newer one. This is both due to a server-side code change on Mozilla's side and an oversight by us during the ESR45 transition. Clicking on the "Get Firefox" button is safe and leads the user to our Tor Browser download page. Needless to say, this whole behavior is highly confusing and we apologize for it. We are working on a fix as quickly as possible and hope to get Mozilla to exempt Tor Browser users from this feature while we are working on a new release. For technical details see our bug tracker.
Here is the full changelog since 6.0.2:
- All Platforms
- Update Firefox to 45.3.0esr
- Update Torbutton to 1.9.5.6
- Update HTTPS-Everywhere to 5.2.1
- Update NoScript to 2.9.0.12
- Bug 19715: Disable the meek-google pluggable transport option
- Bug 19714: Remove mercurius4 obfs4 bridge
- Bug 19585: Fix regression test for keyboard layout fingerprinting
- Bug 19515: Tor Browser is crashing in graphics code
- Bug 18513: Favicon requests can bypass New Identity
- OS X
- Bug 19269: Icon doesn't appear in Applications folder or Dock
- Android
- Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined
ok thanks
ok
thanks
Thanks
Thanks
ok . you are very execellent.
ok . you are very execellent.
TorButton no update =(
TorButton no update =(
Will 6.0.3 eventually be
Will 6.0.3 eventually be available via gettor?
Does Tor have a "do not
Does Tor have a "do not automatically install Tor updates" button?
ELC
In about:config you can set
In about:config you can set app.update.auto to false:
http://kb.mozillazine.org/App.update.auto
Actually, Tor
Actually, Tor tools>options>advanced>updates already has dashboard options available as in:
"Automatically install updates (recommended: improved security)"
Or
"Check for updates, but let me choose whether to install them."
Or
"Never check for updates (not recommended: security risk)"
Tor, like any other app, requires fettling to conform it to your personal requirements.
Using Tor, as is, is a poor security choice so please take the trouble to read and understand the values of all the options on offer - not only in the tools menu but also in NoScript and in Tor button.
Understand also that the Tor browser is only fully secure when accessing sites available on the Tor network and nowhere else.
Now the comment above, "...
Now the comment above, "... the Tor browser is only fully secure when accessing sites available on the Tor network and nowhere else." caught my attention like a hornet in a coke can.
I freely admit to limited understanding of Tor/anonymous nuances but that comment sounds as if I should have heard it first day in class.
How does one know if accessing a site with Tor on another network?
Said another way, if the site is on another network and not Tor's network I did think, until now, that it would be virtually impossible to pierce the Tor veil.
If you've the patience, a little dumb down would be appreciated, or point me to another source.
dontwanttocsun
If the URL ends with .onion
If the URL ends with .onion you are on the TOR network, if it ends with .com or anything other than .onion, you are exiting TOR to the regular internet.
Thank you
Thank you
"mercurius4 removed" But
"mercurius4 removed"
But what about : https://trac.torproject.org/projects/tor/ticket/19690 ?
Surely you're not waiting until the last minute?
https://lists.torproject.org/
https://lists.torproject.org/pipermail/tor-project/2016-August/000612.h…
thanks!
thanks!
ok thanks
ok thanks
thanks for instaliation
thanks for instaliation
does it automatically update
does it automatically update or do I need to download it again
It should update using the
It should update using the internal updater. To make it update now, you can click on the onion and select "Check for Tor Browser Update".
need update
need update
thanks
thanks
gracias...
gracias...
Why the new TBB 6.0.3 is
Why the new TBB 6.0.3 is using
the old TorVersion Tor 0.2.7.6?
Tor 0.2.8.6 is stable?
"Tor 0.2.8.6 is the first stable version of the Tor 0.2.8 series"
https://blog.torproject.org/blog/tor-0286-released
It was too late to integrate
It was too late to integrate this new version of Tor in this release of Tor Browser. But the alpha version 6.5a2 includes Tor 0.2.8.5-rc.
thanks ! i have a question
thanks !
i have a question : is telegram desktop safe if i set it with tor ? i mean telegram desktop get tor DNS Given that there are no options in the remote DNS on it?
good
good
The changelog says, that
The changelog says, that NoScript was updated to 2.9.0.12. After I`ve updated (OS X) to TorBrowser 6.0.3, I`m using NoScript 2.9.0.13.
Yes, we ship 2.9.0.12 but
Yes, we ship 2.9.0.12 but while the new release got built/rolled out the author pushed 2.9.0.13 which got picked up by your Tor Browser.
Is it possible minimize Tor
Is it possible minimize Tor into the system tray?
ty
ty
thanks
thanks
I updated TBB using the
I updated TBB using the "About Tor Brower".
Initially everything seemed alright. TBB finished updating and I restarted it.
The home page said that my TBB is ver 6.0.3.
After a while, I realized that https everywhere was gone. I checked the add-ons list and it only listed noscript, torbutton, and tor launcher.
I ended up downloading a fresh copy of TBB; now everything is okay.
Are you the same user that
Are you the same user that reported this behavior for the previous version? We have https://bugs.torproject.org/19491 and are looking for repeatable steps for your problem to look closer at it. If you have any, please share! (If you want to test, 6.0.2 can be found on https://dist.torproject.org/torbrowser/6.0.2/)
Is this correct that I'm
Is this correct that I'm uniquely fingerprintable with Medium-High security settings, because there's no font fingerprinting defense?
The slider is only concerned
The slider is only concerned with the security of your Tor Browser not with your fingerprintability, say, by examining the fonts available. That said this risk should got minimized from Tor Browser 5.5 on where we started shipping the same fonts to use (roughly) for all users of the same platform.
Does http://ip-check.info
Does http://ip-check.info lie?
Fonts 58 installed fonts have been found on your computer. bad
thanks
thanks
most superr browser
most superr browser
ok very good
ok
very good
I clicked Enable plugins in
I clicked Enable plugins in Add-ons Manager, then opened Privacy and Security Settings and found Disable browser plugins still selected. So are plugins enabled or disabled now?
Youtube is still unusable
Youtube is still unusable with High security settings :(
Some sites are bound to be
Some sites are bound to be unusable at High Security, as they require features that are disabled at High Security in order to function. Last I checked, Youtube didn't like that HTML5 was click to play at high security. There's some concern that a bug might allow a video to be used in an exploit, therefore HTML5 video is click to play.
Youtube JS player crashes
Youtube JS player crashes when a browser says it supports SVG, but doesn't allow to draw player's elements. Video plays automatically, though.
Do you have steps to
Do you have steps to reproduce for the crashes?
You can use youtube-dl
You can use youtube-dl software. When a video interests you, download it with this stuff, with --proxy "socks5://127.0.0.1:9150"
9150 will use your tor browser's tor. If you prefer, you can run another tor instance and use theirs port.
You can open and watch a video before it's fully downloaded, just can't seek to a time that hasn't downloaded yet
For better security you might want to use app that hooks youtube-dl and force every connection through tor, like freecap, AdvOR etc
You could try the Tor
You could try the Tor Browser in Tails at High Security setting and see if it works for you. Tor Browser in Tails runs faster ( for me ) than the same Tor Browser version for Windows. YouTube videos play much clearer and smoother in Tails than Windows, although at a lower Security setting.
Very Good Browser
Very Good
Browser
The TOR home page blog video
The TOR home page blog video "Breaking through censorship barriers, even when Tor is blocked" the web site in the video pointing to pluggable transports can't be found.
https://www.torproject.org/PT
Thank you for your diligence!
Thank you for your diligence!
I have tried uninstalling
I have tried uninstalling and reinstalling but the new version keeps telling me firefox is not found for installation. I gone though searching my whole c drive(after making sure I have removing older copies), %appdata% threads and drives and removing or renaming directories like they recommend but nothing is working, I know firefox has released two new versions in two days but their update chart and your comment thread says everything is fine. Have you guys been getting any similar reports or is something up with my system. This is my first upgrade with you guys since being forced into win10. Thanks ahead of time, Johnny
So, you downloaded a clean
So, you downloaded a clean Tor Browser 6.0.3 on your machine, extracted it and started it? And then what happened?