Tor Browser 6.0a3-hardened is released
A new hardened Tor Browser release is available. It can be found in the 6.0a3-hardened distribution directory and on the download page for hardened builds.
This release features important security updates to Firefox.
This release bumps the versions of several of our components, e.g.: Firefox to 38.7.0esr, Tor to 0.2.8.1-alpha, OpenSSL to 1.0.1s, NoScript to 2.9.0.4 and HTTPS-Everywhere to 5.1.4.
Additionally, we fixed long-standing bugs in our Tor circuit display and window resizing code, and improved the usability of our font fingerprinting defense further.
Note: There is no incremental update from 6.0a2-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.
Here is the complete changelog since 6.0a2-hardened:
Tor Browser 6.0a3-hardened -- March 8
- All Platforms
- Update Firefox to 38.7.0esr
- Update Tor to 0.2.8.1-alpha
- Update OpenSSL to 1.0.1s
- Update NoScript to 2.9.0.4
- Update HTTPS Everywhere to 5.1.4
- Update Torbutton to 1.9.5.1
- Bug 18030: Isolate favicon requests on Page Info dialog
- Bug 18297: Use separate Noto JP,KR,SC,TC fonts
- Bug 18170: Make sure the homepage is shown after an update as well
- Bug 16728: Add test cases for favicon isolation
- Windows
- Bug 18292: Disable staged updates on Windows
Comments
Please note that the comment area below has been archived.
hii i know many time this
hii i know many time this ask when will harden tbb for stable ? security vry important for me and what danger am i when alpha tbb i use? thank!! much love Qatar
There are no plans to have
There are no plans to have the current hardened features used in the stable series as well. There are performance issues and general issues of using ASan builds in production (i.e. stable series).
Clownfare is EVIL!!
Clownfare is EVIL!!
Just fired up tor 6.03a and
Just fired up tor 6.03a and it said an update was available. I have not downloaded the latest version but suddenly my onion button has disappeared. Is someone hacking? Strange coincidence that today in the UK there is a military security fair with a company that claims to be able to get files from encrypted trucrypt folders.
Works fine for me. Is that
Works fine for me. Is that reproducible? If so, how?
I cannot reproduce this
I cannot reproduce this event because it only happened with the update notification. The browser kind of 'jumped' then when it settled the onion button had gone. So did an update with the latest version and all works fine. In view of the other comment about anti virus causing a problem it indicates a glitch in the update notification link.
Antivirus somehow
Antivirus somehow removed/disabled important extensions in the Tor Browser profile?
Hi, My question is this.
Hi, My question is this. Could you describe some of the differences between the standard stable torbrowser package, and the "hardened" version? Thank you.
Yes. The main differences
Yes. The main differences are that Tor and Firefox the hardened series are compiled with Address Sanitizer and in Tor's case with Undefined Behavior Sanitizer additionally. Moreover, both Firefox and Tor are compiled with -fwrapv.
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/ticket/17983
Can we get some practical
Can we get some practical examples of how these measures help? Helps protect against certain 0day bugs in Firefox?
This is a good question. We
This is a good question. We don't have those numbers (yet). However, we might learn something later this year when we'll look closer at Firefox's vulnerability history which is one of the ToDo things for our sponsor.
Words from my mouth 2
Words from my mouth 2
The Google video CDN auto
The Google video CDN auto block exit node as spam IP , even I pass CAPTCHA
Thanks again for keeping
Thanks again for keeping pace with Firefox's release schedule
Please add a feature that
Please add a feature that allows drag and drop from the URL bar to the computer desktop to create an internet shortcut. This can be done in regular Firefox.
What is going on between the
What is going on between the TOR webbrowser and Recaptcha? It's becoming a pain in the ass.
What is use and reason that
What is use and reason that CloudFlare does this check "ReCaptcha"?
I've done two postings about
I've done two postings about the recaptcha issues. I've done my homework :) and found more info about it. (https://trac.torproject.org/projects/tor/ticket/18361). A never ending issue / problem / story :(
We need a feature that warns
We need a feature that warns when a link leads to a site with capcha garbage so we can avoid those capcha using sites.
How i can solve this - > To
How i can solve this - > To view this page ensure that Adobe Flash Player version 11.1.0 or greater is installed.
https://www.torproject.org/do
https://www.torproject.org/docs/faq.html.en#TBBFlash
Tor users HATE you
Tor users HATE you Clownfare! Do you UNDERSTAND? We want you to GO OUT OF BUSINESS.
this browser is now necome
this browser is now necome very slow now.i have checked at on differnt pcs and laptops but working very slow
New to Tor. Is hardened Tor
New to Tor. Is hardened Tor better? What is best version? Where
do I get step by step instructions how to use Tor instead of Safari or any other or do I use one special platform with Tor as main platform? if so, how? Which one?
Better not to put Tor on my Mac itself?
I will do anything to increase privacy.
suzannedk@gmail.com
You can find instructions
You can find instructions for using Tor Browser on this page:
https://www.torproject.org/projects/torbrowser.html.en