Tor Browser 6.0.3 is released
This release features important security updates to Firefox.
This release updates Firefox to 45.3.0esr. Additionally, it bumps NoScript to 220.127.116.11, HTTPS-Everywhere to 5.2.1, disables asmjs, removes meek-google and contains a few other bug fixes.
Note: Due to bug 19410, on OSX the incremental update will not be working for users who installed the previous version using the .dmg file. The internal updater should still work, though, doing a complete update.
Update (August 11, 10:04 UTC): Starting from a couple of hours ago Tor Browser users might see a notification box in their browser claiming that Firefox is too old providing a button to get a newer one. This is both due to a server-side code change on Mozilla's side and an oversight by us during the ESR45 transition. Clicking on the "Get Firefox" button is safe and leads the user to our Tor Browser download page. Needless to say, this whole behavior is highly confusing and we apologize for it. We are working on a fix as quickly as possible and hope to get Mozilla to exempt Tor Browser users from this feature while we are working on a new release. For technical details see our bug tracker.
Here is the full changelog since 6.0.2:
- All Platforms
- Update Firefox to 45.3.0esr
- Update Torbutton to 18.104.22.168
- Update HTTPS-Everywhere to 5.2.1
- Update NoScript to 22.214.171.124
- Bug 19715: Disable the meek-google pluggable transport option
- Bug 19714: Remove mercurius4 obfs4 bridge
- Bug 19585: Fix regression test for keyboard layout fingerprinting
- Bug 19515: Tor Browser is crashing in graphics code
- Bug 18513: Favicon requests can bypass New Identity
- OS X
- Bug 19269: Icon doesn't appear in Applications folder or Dock
- Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined