Tor Browser 6.0.8 released

Tor Browser 6.0.8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Besides updating Firefox to 45.6.0esr which is fixing important security bugs we ship the latest Tor stable version, 0.2.8.11. HTTPS-Everywhere is updated as well (to 5.2.8) and we make improvements to our default obfs4 bridges.

Here is the full changelog since 6.0.7:

  • All Platforms
    • Update Firefox to 45.6.0esr
    • Update Tor to 0.2.8.11
    • Update Torbutton to 1.9.5.13
    • Update HTTPS-Everywhere to 5.2.8
    • Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
    • Bug 20837: Activate iat-mode for certain obfs4 bridges
    • Bug 20838: Uncomment NX01 default obfs4 bridge
    • Bug 20840: Rotate ports a third time for default obfs4 bridges
PETER

December 13, 2016

Permalink

Dear Ladys and Sirs,
I try to install 'onion sites' and 'hidden net' but I'm sorry, I'm not able to do this. Please can you help me with instructions in German language or even can you install this for me?

I'm curious of your reply and say many thanks!

Kind regards
Jörg Hager
(joerg-hager@t-online.de)

PETER

December 13, 2016

Permalink

Greetings,

Have you had any other reports of upgrade difficulties with this release?

I cannot manage to upgrade from 6.0.7 to 6.0.8 on Win XP (Yes, I know!)

What happens is... After I download the 4.8 MB update and restart the browser, it loads the old version and gives a pop-up saying:

"Software Update Failed - The update could not be installed. Please make sure there are no other copies of Firefox running on your computer, and then restart Firefox to try again."

Tor Browser then works normally but it's the old version, 6.0.7.

There is no other Firefox process running in Windows Task Manager.

When I check for updates again, it downloads the same 4.8 MB package and the process starts over.

My antivirus is turned off and I've rebooted the computer several times.

I've been using Tor for years and have not had any other problems updating the Tor Browser in recent memory.

Thanks for your help.

Thanks for checking and replying!

I eventually solved the installation problem on my XP by moving the Tor Browser security slider from High to Low.

(I keep the TB in High mode most of the time.)

After I lowered the security setting, the update package changed from 4.8 MB to 60.8 MB and it installed perfectly.

Maybe only XPs are prone to this glitch?

Thanks again for your help and for developing the fantastic Tor Browser, an incredible and indispensable program.

Make sure you have plenty of free disk space (>400MB according to some sources). This has been a very common problem lately, because TB doesn't warn the user. It's worth a try.

PETER

December 13, 2016

Permalink

-----BEGIN PGP MESSAGE-----

qANQR1DBwUwDlDc6qUt8MiMBEACeEeDiEoEniVs0DgrNhmkx7cg9dfsma2Bj3VLO
Vl4zyA6/ZRoqQpIl+sGjlaeGlfSXpGKn4+Vk0a0mPgG9NZBUZExQw7+OYZ1hvA0b
EpGvacL6gIgO03E6VEZee7BarWbspIdceHa+wXgZluBMeb2Hzx8kLh91A5K4ulNM
aQyORByusIfBu75u7rCYZfOYJv/j20rt1XLTpElTBWC40DoZfMnBmpU9Rh+uIaik
jplKbORXK36bYioRBU60PElTMVTgyfKxnF95TarpwBQH7v3cW+2ibqJ8TZwqJRnn
ZA1i558zcdHt5mEadD4++nhYkByPeL97Xf4cCqCy43DT0iSNsAV8bD4C2tNNtDdJ
mnmWFcyLJnBiNzZdaYDe71YVtoYbef6Ocu5RQKORKFQOdDk/zHmZs1u0cxnwLxU/
armGu5Wq4wtRKeg6h9BjsmpnZWRnGTkAyT7GChyYRI4lVImV/3JJBY6JetRk1wiN
DIIHzW99fDw2DAsZH9ZELwFUw/WH5aV1ERFEkzadVUS/GrxWO6UkCRkmbYgJrfNF
pwUnx3BaIh5R4hm0aijRShoQpsq4bDubR25IgPNn0GbQnNIGa30Br5f+v0EYv3QE
mHIeADCBrPc6x+7KgAW6jueCDZMVNY2N+112fm/w8dGWoZYBmvsfVszLEtmJ6QkD
GSr049LAmgGTmFCevDlE7gd+IpFvxe8vCOfcB0byUTmE44ZVFH5KnxlnhB209MWA
caVzYERx4F6Yg/9G3FXVmmz3QlvSrV+Xda+V70hVPEtpBMuOUN3m79637T6ip+ws
GGas09WciigB0A2R4Qd6yLkdipJG19pEm8jlxRJjEGgKSjFtCGUsnFPSqYemVheo
6rp/guURy/apoCu4nhMfUNWE73h0vOvypJxhvF+oFqA2Y8lrnW2ohcjOsuB9rj2A
uuquk5Wil02ek8zv2VGuQiaObS39esW2XinZo2TKEDAupx1fHBhRER5IEKoG1sDV
t+oKs6Iu8akvZs7tlUThIX1lt5nRZ9Ci6JQRCU5FXuskJ6YNYqfCTJfrjCVGbQdJ
WOe+rF3YjYtRAP/cqMtVJ3ZnItyDDdadC1XkDF1E7as+BJ1a6+s+l7FPsJHHLH10
pIN7faegFQyNQNmcLzcGMM4=
=d8gC
-----END PGP MESSAGE-----

PETER

December 13, 2016

Permalink

hi

PETER

December 13, 2016

Permalink

Can I get any more information about CVE-2016-9899 and CVE-2016-9893 (fixed in this release)? The bug pages on bugs.mozilla.org say I am not authorized to view the details, and the mfsa description is very vague. I'm curious what exploit vectors they use. I imagine the former can be blocked by noscript, because it says it involves a UAF for audio, which can be blocked, but the latter is just a collection of general memory-related bugs, which may or may not be related to javascript.

PETER

December 13, 2016

Permalink

When I keep Tor button to High the update size is about 5 MB but when it is kept medium-high or low it first downloads 5 MB then installs and next it downloads 85.8 MB .

I did not say this. But there is not much we can do if the download got corrupted or tampered with. When I say "works fine for me" I mean I tested it on different machines with different locales and different operating systems and the update got downloaded once and applied cleanly.

Well, that's what I experiencing both while quickly testing after enabling the updates and during updating my own Tor Browser instances. With one exception: On OS X stable if you started with a newer Tor Browser on OS X, one that supports code-signing, and are updating you are currently downloading the incremental one first and need to download the full update afterwards. We realized this bug after we shipped the code-signed bundles and it took us quite some time to get the fix right. See: https://trac.torproject.org/projects/tor/ticket/19410 for the details.

This is fixed in the alpha series and should work with Tor Browser 6.5 which is supposed to be the next stable release.

I experience this same issue since 6.0.5. If I download from TBB's about box:
FIrst downloads 5 MB. then it downloads 8x.x MB and fails to install it.
IF I download from Torbutton, fail again with message: Can't install update (fail applying patch).

I then download clean, unpack and use. Next update, same problem. Ubuntu 64, es lang, highest security settings.

Hard to say what goes wrong in your case. Could you share some log output? One thing that would probably be helpful is looking at the log you get after setting "app.update.log" on about:config in your Tor Browser to "true" before doing the update. The console (Ctrl + Shift + J) should get the output which might already help. Then there should be a UpdateInfo folder in your tor-browser_es-ES/Browser/TorBrowser after you tried to update. There updates/last.update.log should be interesting as well.

PETER

December 14, 2016

Permalink

we live in Iran .Iran does not support international cards because of sanctions imposed by America,Is there another way we can Donate tor ?

PETER

December 14, 2016

Permalink

It is SAFE to add some dictionary from others localized versions of Tor Browser?

PETER

December 14, 2016

Permalink

I have two tor-browser_en-US folder
one in /documents/ (first)
other in /desktop/ (second)
I wanted to put first one to high security level and the second to medium-high
After I put the first to high then turn second to medium-high and return to the first it would be at medium high.
Then I put first back to high and then go to second the second goes to high(I had put it at Medium-high)
Debian 8.6 64-bit tor browser 6.0.8

I had upgraded tor browser at /documents/ from 6.0.7 to 6.0.8
After putting the tor browser(the one at /documents/) at high I copied the folder to /desktop/(second). then opened second and changed it to medium-high this somehow made the first ( the one at /documents/) to medium high

PETER

December 14, 2016

Permalink

I get Tbb tunnel through a local proxy software which is NSA friendly, and Tbb cannot choose any kind of bridges for the connection to the network, so does it mean is it NSA be able or easier to crack Tor without bridges?

PETER

December 14, 2016

Permalink

Tor doesn't work anymore:
"Tor exited during startup. This might be due to an error in your torrc file, a bug in Tor or another program on your system, or faulty hardware. Until you fix the underlying problem and restart Tor, Tor Browser will not start."

I would try this:
Copy your places.sqlite (bookmarks) from directory/folder of TBB that doesn't work.

Extract and run the full current TBB.
Shutdown.
Replace the new TBB's places.sqlite with your old places.sqlite

OS X 10.11.6 El capitan
How to extract bookmark if I can not enter TB.
Where is places.sqlite file
May be erase bookmark and start from a brand new browser?
(thank you for your help guys)

Is it the first time you are using Tor Browser or the first time you have this trouble? I guess you have installed Tor Browser into /Applications. What happens if you take a fresh new Tor Browser and install it to your Desktop instead. Does that work?

I also get this, on XP

The 2.8.x executables are messed up, it's been this way for several releases.

And cookies are STILL broken in tor Browser (only been what like 3 years now and no fix from Tor Project)

It seems this is a different issue as you are on Windows and the behavior the user reported started recently on OS X? That said please file a bug for your problem at https://bugs.torproject.org so we can investigate it? We would need additional information in order to reproduce it (if you are customizing your Tor Browser etc.).