Tor Browser 6.5a2-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a2-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

In addition to the changes from Tor Browser 6.5a2, this release integrates Selfrando. For more details about Selfrando integration in Tor Browser, see the Q and A with Georg Koppen and the Selfrando git repository.

Here is the full changelog since 6.5a1-hardened:

  • All Platforms
    • Update Firefox to 45.3.0esr
    • Update Tor to tor-0.2.8.5-rc
    • Update Torbutton to 1.9.6.1
      • Bug 19689: Use proper parent window for plugin prompt
      • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
      • Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
      • Bug 19273: Improve external app launch handling and associated warnings
      • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
    • Update HTTPS-Everywhere to 5.2.1
    • Update NoScript to 2.9.0.12
    • Bug 17406: Include Selfrando into our hardened builds
    • Bug 19417: Disable asmjs for now
    • Bug 19715: Disable the meek-google pluggable transport option
    • Bug 19714: Remove mercurius4 obfs4 bridge
    • Bug 19585: Fix regression test for keyboard layout fingerprinting
    • Bug 19515: Tor Browser is crashing in graphics code
    • Bug 18513: Favicon requests can bypass New Identity
    • Bug 19273: Write C++ patch for external app launch handling
    • Bug 16998: Isolate preconnect requests to URL bar domain
    • Bug 18923: Add script to run all Tor Browser regression tests
    • Bug 19478: Prevent millisecond resolution leaks in File API
    • Bug 19401: Fix broken PDF download button
    • Bug 19411: Don't show update icon if a partial update failed
    • Bug 19400: Back out GCC bug workaround to avoid asmjs crash
    • Bug 19735: Switch default search engine to DuckDuckGo
    • Bug 19276: Disable Xrender due to possible performance regressions
    • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
  • Build System
    • All Platforms
Anonymous

August 03, 2016

I get an 0xc0000022 error and cannot open 6.0.3 or 65a2.

I was able to run 6.0.2.

Anonymous

August 03, 2016

I am not seeing a Windows version. Are there no hardened builds for Windows?

Anonymous

August 03, 2016

Hmmm I am no longer able to open about:preferences

"The address isn't valid" appears.

What's the status of ASan on Windows anyways? I find resources 2-4 years old talking about how the Windows port works decently but is a work in progress, but nothing more recent that definitively says it supports it.

Anonymous

August 03, 2016

The Tor Browser (6.0.2) keeps on crashing on Mac OS X (10.11.6). I can't visit a site for more than 1 minute before it crashes and have to restart. I recently updated to (6.0.3); I'm having the same problem.

Anonymous

August 03, 2016

The Tor Browser (6.0.2) keeps on crashing on Mac OS X (10.11.6). I can't visit a site for more than 1 minute before it crashes and have to restart. I recently updated (6.0.3) but nothing changed; I'm having the same problem.

Anonymous

August 04, 2016

good

Anonymous

August 05, 2016

After updating from the previous version via the auto-updater, I could no longer load https websites.

http worked fine.

I had to do a manual download of the new version.

Thanks for everything though, Tor helps keep us all safe online.

Anonymous

August 05, 2016

Why did you switch from DDG's onion service to their duckduckgo.com address?

Anonymous

August 06, 2016

I have tested the hardened version since its inception.

I have had problems with "memory-leak" behavior where my 6GB RAM was maxed out.

This version seems a little better although it eats a considerable amount of RAM.

Anonymous

August 06, 2016

In Tor Browser 6.0.3
the Add-ons Manager says:
"no script could not be verified for use in tor browser"

Could you give us more details? Does this happen with a fresh 6.0.3 downloaded from our website? Or after an update from a previous Tor Browser version? Which operating system are you using? How can I reproduce your problem?

Anonymous

August 08, 2016

Hi,
I'm using TorBrowser 6.0.3.
If I click on "New Identity" the middle and exit node change, however the entry node stays the same.
Is this behavior correct?
Greetings.

Anonymous

August 10, 2016

On start up I am getting message "Your Firefox is out of date. Please download a fresh copy."

I check for new Tor Browser updates but there are none.

I don't think I should click "Get Firefox" which my browser is suggesting.
Why is this?

This is due to a bug in 6.0.3 which went unnoticed so far. Mozilla fixed the issue for us on the server-side to give us time getting a new version out. See the 6.0.3 blog update for details.

Anonymous

August 31, 2016

What is the difference between Tor 6.0.4 and 6.5a2 and 6.5a2 hardened?

Anonymous

September 15, 2016

Why has the option to turn JavaScript on and off in the top left corner disappeared in the latest Windows version of Tor Browser?! I can't even find a blog post about this or comments. What possible reason could there be to do this? This has just caused ongoing problems for the past 45 mins while I try to find an alternative way to do this. Why remove such a useful feature?! The only other option similar I can find is "disable add ons such as flash" - Well this is very unclear whether it has anything to do with java or not as the option was there in previous versions and seemed to have no effect on java. I cannot believe this option has been removed with no explanation and no obvious alternative way to turn this on and off...