Tor Browser 6.5a6 is released
This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.6-rc and HTTPS-Everywhere to 5.2.8.
With this release we made progress in both the usability and security area. In the former we fixed the broken preferences pane in non-en-US bundles and moved to pt-BR bundles for Portuguese as it turns out that all our translations for Portuguese are containing Brazilian language strings. We added links to the Tor Browser Manual, an effort led by the community team to make help easier available for our users in case of problems.
On the security side we are proud to announce the first fruits of our sandboxing efforts.
On Linux the Tor Browser sandbox is centered around Linux namespaces along with seccomp-bpf, and attempts to reduce the attack surface available to adversaries to prevent exploits from succeeding, and to limit the capabilities of an attacker in the event that they do manage to compromise either the tor client instance or the browser itself. This is done by creating lightweight namespace based containers in which the Tor Browser components are run, with various restrictions imposed by the operating system. For example, the container that the browser runs in does not have an IP address to leak, or a connection to the external network except via Tor.
It is made available to end users as a separate downloadable binary,
sandboxed-tor-browser, that manages installing and updating Tor Browser, configuring Tor and the sandbox, and running the actual sandboxed Tor Browser. Having
bubblewrap installed is required for this to work. Additional documentation about the implementation, known issues, and frequently asked questions is available at our wiki.
We have also made some progress with sandboxing on macOS. Building on the work done in the past by IronFox and similar projects, we have created sandbox profiles for the Tor daemon and for Tor Browser itself. These profiles, along with some command line scripts that use Apple's sandbox-exec command to start Tor and Tor Browser, are included in our Tor Browser 6.5a6 OSX packages. At this time we are asking advanced users to use the OSX sandbox profiles on an experimental basis and give us feedback on any problems that they encounter. In the future, we hope to create software for macOS that is similar to the Linux Tor Browser sandbox.
Besides work on sandboxing this release features our first step in exploring options to harden the memory allocator. We have enabled jemalloc4 on Linux bundles and abort on redzone corruption. We are here especially interested in performance and stability related feedback.
Here is the full changelog since 6.5a5:
- All Platforms
- Update Firefox to 45.6.0esr
- Update Tor to tor-0.2.9.6-rc
- Update Torbutton to 220.127.116.11
- Bug 16622: Timezone spoofing moved to tor-browser.git
- Bug 20701: Allow the directory listing stylesheet in the content policy
- Bug 20556: Use pt-BR strings from now on
- Bug 20614: Add links to Tor Browser User Manual
- Bug 20414: Fix non-rendering arrow on OS X
- Bug 20728: Fix bad preferences.xul dimensions
- Bug 20318: Remove helpdesk link from about:tor
- Bug 20753: Remove obsolete StartPage locale strings
- Translation updates
- Update HTTPS-Everywhere to 5.2.8
- Bug 16622: Spoof timezone with Firefox patch
- Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
- Bug 20709: Fix wrong update URL in alpha bundles
- Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
- Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
- Bug 20837: Activate iat-mode for certain obfs4 bridges
- Bug 20838: Uncomment NX01 default obfs4 bridge
- Bug 20840: Rotate ports a third time for default obfs4 bridges
- OS X
- Bug 20121: Create Seatbelt profile(s) for Tor Browser