Tor Browser 6.0a5 is released
A new alpha Tor Browser release is available for download in the 6.0a5 distribution directory and on the alpha download page.
This release features important security updates to Firefox.
This will probably be our last alpha release before the stable 6.0 and it contains a bunch of noteworthy changes.
First, we switched the browser to Firefox ESR 45 and rebased our old patches/wrote new ones where necessary.
Second, we ship a new Tor alpha version, 0.2.8.2, which makes meek usable again and contains a number of other improvements/stability fixes.
Third, this alpha release introduces code signing for OS X in order to cope with Gatekeeper, the OS X mechanism for allowing only authorized applications to run. There were bundle layout changes necessary to adhere to code signing requirements. Please test that everything is still working as expected if you happen to have an OS X machine. We plan to post instructions for removing the code signing parts on our website soon. This should make it easier to compare the bundles we build with the actual bundles we ship.
The fourth highlight is the fix for an installer related DLL hijacking vulnerability. This vulnerability made it necessary to deploy a newer NSIS version to create our .exe files. Please test that the installer is still working as expected if you happen to have a Windows machine.
- It seems there is a bug regarding our search engine selection in non-en-US bundles. The search engines actually used are the ones contained in the respective language packs but not those we ship. There is no easy workaround for this short of disabling the language pack or adding the search engines one wants to have by hand. We are sorry for this inconvenience.
- An other issue is an error "Unable to start tor" after upgrading from an older version, on Mac OS (Bug 18928). Quitting and restarting a second time should fix the problem.
- A third issue we found is the missing HTTPS-Everywhere extension in Mac OS bundles after an update from previous Tor Browser versions. Workarounds are either installing HTTPS-Everywhere manually from EFF's website or using a clean, new 6.0a5 Mac OS bundle.
Here is the full changelog since 6.0a4:
Tor Browser 6.0a5 -- April 28 2016
- Update Firefox to 45.1.0esr
- Update Tor to 0.2.8.2-alpha
- Update Torbutton to 126.96.36.199
- Bug 18466: Make Torbutton compatible with Firefox ESR 45
- Translation updates
- Update Tor Launcher to 0.2.9.1
- Update HTTPS-Everywhere to 5.1.6
- Update NoScript to 188.8.131.52
- Update meek to 0.22 (tag 0.22-18371-2)
- Bug 18371: Symlinks are incompatible with Gatekeeper signing
- Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
- Bug 18900: Fix broken updater on Linux
- Bug 18042: Disable SHA1 certificate support
- Bug 18821: Disable libmdns support for desktop and mobile
- Bug 18848: Disable additional welcome URL shown on first start
- Bug 14970: Exempt our extensions from signing requirement
- Bug 16328: Disable MediaDevices.enumerateDevices
- Bug 16673: Disable HTTP Alternative-Services
- Bug 17167: Disable Mozilla's tracking protection
- Bug 18603: Disable performance-based WebGL fingerprinting option
- Bug 18738: Disable Selfsupport and Unified Telemetry
- Bug 18799: Disable Network Tickler
- Bug 18800: Remove DNS lookup in lockfile code
- Bug 18801: Disable dom.push preferences
- Bug 18802: Remove the JS-based Flash VM (Shumway)
- Bug 18863: Disable MozTCPSocket explicitly
- Bug 15640: Place Canvas MediaStream behind site permission
- Bug 16326: Verify cache isolation for Request and Fetch APIs
- Bug 18741: Fix OCSP and favicon isolation for ESR 45
- Bug 16998: Disable <link rel="preconnect"> for now
- Bug 18898: Exempt the meek extension from the signing requirement as well
- Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
- Bug 18890: Test importScripts() for cache and network isolation
- Bug 18726: Add new default obfs4 bridge (GreenBelt)
- Bug 13419: Support ICU in Windows builds
- Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
- Bug 18767: Context menu is broken on Windows in ESR 45 based Tor Browser
- OS X
- All Platforms
- OS X
Please note that the comment area below has been archived.
hello . Good jobs How can i
hello . Good jobs
How can i get New bridges?the E-mail address has beenchanged?i am not able to get new bridges by the current method and e-mail address
The email has not changed,
The email has not changed, it is still email@example.com. You need to send the email from Riseup, Gmail or Yahoo.
You can also get bridges by visiting https://bridges.torproject.org/.
Still cannot get one. tried
Still cannot get one. tried using information on main website still no reply.
Any change for 64bit Firefox
Any change for 64bit Firefox now that we are on ESR 45?
You mean for Windows? We
You mean for Windows? We won't ship 64bit bundles for it in the ESR45 timeframe. But it is on our ToDo list. We might not get it done for ESR52 but for ESR59 it should be ready.
Haven't been able to use
Haven't been able to use this software in a windows PE environment since the Vidalia days... always get the XPCOM error, every time.
BUG: the zoom level keeps
BUG: the zoom level keeps changing on websites without me changing it on my own. I have tried changing the zoom level back to default using CTRL+0, and also through the menu, which resets it, but it changes on its own after going to new links.
Do you have steps to
Do you have steps to reproduce that for me? Ideally, those that show it worked for ESR38 based Tor Browsers but not for ESR45 ones.
bugzilla confirms that some
bugzilla confirms that some webpages force the ugly rectangle at the bottom on Win to disappear without resizing the window, so the only option for this is zoom. And yes, this happens on 38esr.
Not OP, but it always
Not OP, but it always happens for me. Always 110%. Not in a stable release.
Ditto. Ctrl+0 also reveals a
Ditto. Ctrl+0 also reveals a nasty border between the edge of the window and the document. Similar to https://trac.torproject.org/projects/tor/ticket/14429#comment:22 but centred and not affecting the tab/urlbar.
How does browser choose
How does browser choose bridge? If use obfs4 (recommended), see that always same bridge. New Tor Circuit, New Identity, diy close re open browser.....always same bridge. Should not be random? Always same bridge good or bad for anonymity?
Also why about:config have 11 almost same bridges? Meaning, 11 have IP address with same first 3 numbers. Should not have more variety?
If I understand correctly,
If I understand correctly, your bridge should not change so often, just like a guard.
Also Tor button show Tor
Tor button show Tor circuit:
Bridge: obfs4 (country)
Country (IP address)
Why not show bridge IP? Need to use other software to see bridge IP.
Also thank you.
US Law Change Allows Police
US Law Change Allows Police to Search PCs of Tor users
Hi, is there any possibility
Hi, is there any possibility for the following for the android client?
Orbot should detect any connection to an unencrypted wifi network, block all other connection until it has connected to tor.
Also should handle free wifi login screens the same time.
This would be just awesome. :)
Where is tutorial how to
Where is tutorial how to compile Tor stable build under Windows?
There is no one yet, alas.
There is no one yet, alas. There is still https://trac.torproject.org/projects/tor/ticket/13694 which I did not get to, yet. The best we have is: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking pointing to our reproducible builds. Or you could take a look at the script driving the build: https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/giti….