Tor Browser 6.0.4 is released

Tor Browser 6.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release finally brings Tor Browser users the latest Tor stable, 0.2.8.6, and avoids pinging Mozilla's servers for system extensions.

Pinging Mozilla's servers was responsible for users getting an extension into their Tor Browser that resulted in annoying and confusing "Your Firefox is out of date" notifications on start-up (bug 19890). Thanks to Mozilla engineers, who fixed that issue as quickly as possible on their side, the extension is not shipped to Tor Browser users anymore since August 11 13:00 UTC. This takes care of getting the add-on removed as well in case it got installed into Tor Browser (as does the fix we ship in Tor Browser 6.0.4) which should have happened/is happening during the next extension update ping. For further information see the discussion in our bug tracker.

Users that are on the alpha channel or are using the hardened Tor Browser were not affected. The same goes for Tails users as far as we know.

The full changelog since Tor Browser 6.0.3 is:

Tor Browser 6.0.4 -- August 16

  • All Platforms
    • Update Tor to 0.2.8.6
    • Update NoScript to 2.9.0.14
    • Bug 19890: Disable installation of system addons

Without doing a detailed code audit, it's impossible to know for sure. Any addon has risks involving fingerprinting and use as an attack vector.

Anonymous

August 16, 2016

Permalink

i just wanna thank you to all you're great minds that brought this to us and one more thing if the CIA is tracking me how can i got it to stop lol off the record

Anonymous

August 16, 2016

Permalink

TBB Thanks for taking care of the recent MozFire update problem so quickly! That might of caused alot more sleepless nights for us that depend on your security and info to help make us feel safe! The new apps that were sent,with the new logo,are they safe to use with new version? or should those files be deleted! Thanks again congrats!

WOW: "starting with a clean TBB"!!

I'am running my Dear>TBB with about 24 FF-Add-ons!
(+15 disabled: ..some Enabled if needed)

1-Are there any possibility of anonymity risks involved!

2- Is it a future-possibility that TBB team might create a new division that Checks & Approves most used add-ones as of (TBB Singed Add-ons)

3- Thank You Very much :)

Yes, there's a possibility of anonymity risks with each addon; you can make your browser appear different to websites(fingerprinting) and you're increasing the attack surface for someone trying to find an exploit in your browser in order to hack into your computer. There's a reason it's recommended that you don't install 3rd party addons in Tor Browser. The Torproject is a small organization and has difficulty as it is supporting Tor Browser. Checking Addons for potential security exploits is a time consuming process that Mozilla doesn't even really do. The Torproject simply doesn't have the resources required to do code audits on 3rd party addons that may change their code at any time.

That was Well said & understood, Yes i forgot most addons will change their code from time to time and can't be followed every time & then by The TBB Team.. Thank you for the good info ,, hope it's useful for others too :) ,, Bye--

Anonymous

August 16, 2016

Permalink

dears all
how can we install the flash player on tor browser
noting that i dont have administration access to install any application
please help
my email is : m.ayoub250@gmail.com
regards

It is why the flash player was created and adopted by the sites that try to force it as an only way to decode their information.

The moment you allow any scripts on a site that you are not absolutely sure you can trust youe anonymity has gone out of the window. You may as well use a regular connection.

No scripts, no plugins and you may have a chance

Flash doesn't obey browser proxy settings, so traffic from the plugin won't go through tor even if you run it from inside TB.

That's correct.

If the original poster installs Flash Player on Tor, whether he is using Microsoft Windows or Linux OS, he is easily traceable on the internet.

He may wish to try to install Whonix operating system first and then install Flash Player. However there is no 100% warranty that Flash Player may not broadcast his true IP address.

Last week Shadow Brokers upload a 200+ MB of hacking tools stolen from the NSA. A few tools exploit zero-day vulnerabilities and unpatched vulnerabilities found in Flash Player and Java. Given this information, does the original poster still want to install Flash Player on Tor?

Yes but even with Whonix, there is flash fingerprinting. So each time he would use flash they would know it's same person.
Fingerprinting can be done with flash version, settings, flash history and PC settings too.

They may know it's the same person, making it pseudonymous as opposed to anonymous, but at least Flash isn't leaking your real IP as it would be in Tor Browser. Using Flash with Tor via Whonix may be shooting yourself in the foot with a pistol, but trying to use Flash with Tor Browser alone is shooting yourself in the foot with a rocket launcher.

try
1- a video downloader website (no flash plugin, but probably requires that noscript extension allow JavaScript.).
2- play downloaded video in media player that's blocked from connecting to the net, and, or lacks any streaming feature.

Anonymous

August 16, 2016

Permalink

Thanks!

Anonymous

August 16, 2016

Permalink

i noticed a lot of other sites still have 6.3 .

github ,filehippo .e.t.c

Anonymous

August 16, 2016

Permalink

In TBB6.0.4
extensions.torbutton.use_privoxy
is on(true).

Why?
Problem?

For a number of months, my Tor Button was accompanied by "Tor Disabled." Finally I complained to Chief Counsel at my employer (a DoD Agency) and voila! Tor started working, I got my VPN connectiion from Avast back, and my iPhone also shed a while bunch of bugs. However, I have questions about incidents that I've been trying to get my Agency to answer for over a year, and they keep piling up. There is/are IT person(s) at my Agency who have hacked my life basically. Imagine a DoD stalker who can block references, and shift philanthropic choices. Last night I reported four more incidents of system issues to the help desk, including a 2nd mouse input whose buffer seemed to have preference over mine.

Do Tor folks have anywhere to point me?

Anonymous

August 16, 2016

Permalink

Tor is still shutting down periodically and randomly as with 6.0.3, needing to be restarted without closing any windows. I have no idea whether it is something to do with my system or a bug. I mention it to see if others are experiencing this. This started for me on 6.0.3, and it is still doing it. Before that, Tor never closed down for no apparent reason, even if left without use.

It is happening on Windows 7. I thought it started happening in 6.0.3 possibly as a result of installing the Mozilla Archive Format add-on. Never before had any add-ons and I thought that one was safe. But I've since disabled that and it still happens.

It seems to me that it is some change since 6.0.3 that is causing it, rather than something else on my system, but I don't know that for a fact. It seems to happen most when I have been away from the PC for a while and left Tor open. I come back to find Tor needs to be restarted. This never happened for me prior to v 6.0.3.

Anonymous

August 16, 2016

Permalink

После обновления TOR перестал работать. Помогает только новая установка. Если после новой установки в файл TORRC добавить настройки для создания реле, TOR снова перестаёт работать, приходится снова устанавливать заново.

Anonymous

August 17, 2016

In reply to by gk

Permalink

У меня даже после установки чистой версии Tor Browser 6.0.4 работает хорошо пока в файл torrc не добавлю строки:

ORPort 443
Exitpolicy reject *:*
Nickname ididntedittheconfig
ContactInfo human@...

после этого TOR перестаёт работать. Появляется всплывающее окно "Управляющий сервер ненайден"

Anonymous

August 17, 2016

Permalink

Is there a Tor option to NOT automatically download and install new versions? I wouldn't mind an announcement that a new version is available, but I would like to make the installation decision myself.

Yes, me as well - especially, since sometimes there are problems with specific options set (like Javascript in specific applications) or problems with access to my Hushmail, like today,

go into options (windows) or preferences (linux) or paste this url address
about:preferences#advanced
click "Updates" in top row

see on this page http://www.ghacks.net/2015/07/13/what-you-need-to-do-if-firefox-is-not-…

update settings shown in this image
http://www.ghacks.net/wp-content/uploads/2015/07/firefox-automatic-upda…

i have only the second dot enabled
"Check for updates, but let me choose whether to install them."

for me, TBB is obeying this setting as firefox does.

Anonymous

August 17, 2016

Permalink

Hey, what's this? Can't get to my Hushmail account via Tor, from Firefox it's possible, but I do wish to use Tor for access to my email. Please investigate ASAP!!

I don't have a Hushmail account but looking at the changelog posted above we did not change anything in the Firefox code that could cause this. Looking at the NoScript changelog 2.9.0.14 should not be the culprit either. Thus, I guess the best explanation is that Hushmail changed things on their side.

Hi Dear gk :)

Found that Hushmail is pain in the A:$$, after a period of --pause-- (not using), & when it happens that it must be re-checked --say-- for FB or twitter email Re-verification, you're blocked, Damn :)

Thus, found --real free-- that best works with Tor- NO matter what geo-location changes you log from- It is >> [geshifilter-code]https://www.vfemail.net[/geshifilter-code]

also on other topic, Would like report a bug --if it is!-- (not sure it's a bug yet) so, When many tabs are opened that might make TBB using about 1.5 gb of memory, then when that ALL are closed; Memory will not auto-decrease (say to 0.5 gb) in fact: will've to restart TBB to look more refreshed,

Any idea please to sort this out without restarting TBB!

Thank you..

Thus, found --real free-- that best works with Tor- NO matter what geo-location changes you log from- It is >> https://www.vfemail.net

Your recommendation, vfemail.net, is bad.

According to that website, it states: You will need javascript enabled to log into this site from this page.

If one wishes to use Tor with a web-based email provider, the latter should allow non-Javascript.

You might wish to try bitmessage.ch

Do you work for bitmessage? The full text you're referring to ACTUALLY says:

You will need javascript enabled to log into this site from this page.
Otherwise you can go directly to:
The Horde interface [link]
or
The new RoundCube interface [link]