New Release: Tor Browser 8.5a3
Tor Browser 8.5a3 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox. We picked up the necessary patches, but because we needed to start building before Mozilla was ready with a first candidate build, we did not bump the Firefox version to 60.2.2esr. Thus, users are fine with Tor Browser 8.5a3 even though the Firefox version is 60.2.1esr.
Furthermore, this release fixes Windows startup crashes and makes Tor Browser more compatible with the new macOS 10.14.
Known Issues
We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. The most important current issues are:
- WebGL is broken right now.
- Accessibility support is broken on Windows. We are considering options to address this issue right now.
- Tor Browser 8 is not starting anymore on some older Ubuntu/Mint Linux systems. We still have issues to reproduce this bug but hope we can fix it in the next release.
The full changelog since Tor Browser 8.5a2 is:
- All platforms
- Update Firefox to 60.2.1esr
- Backport fix for Mozilla bug 1493900 and 1493903
- Windows
- Bug 27865: Tor Browser 8.5a2 is crashing on Windows
- OS X
- Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility
Comments
Please note that the comment area below has been archived.
Tor Browser 8.5a3 is now…
Tor Browser 8.5a3 is now available from the Tor Browser Project page
Wrong link.
Thanks. Fixed.
Thanks. Fixed.
how can i get the link?
how can i get the link?
dark web dark kill
dark web
dark kill
HTTPS Everywhere 2018.8.22
HTTPS Everywhere 2018.8.22
On the subject of…
On the subject of accessibility, the Tor button is black even in high contrast mode, and is thus not visible in high contrast black.
Please disregard my last…
Please disregard my last message, the Tor button was black on 8.5a1 but once my browser updated to 8.5a3 it became visible on the toolbar.
15336289543 addons.update…
15336289543 addons.update-checker WARN Request failed: https://www.eff.org/files/https-everywhere-updates.json - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 163" data: no]
Tor browser is amazing
Tor browser is amazing
400 Bad Request nginx
400 Bad Request
nginx
Sometimes it happens to me…
Sometimes it happens to me too, but it seems to be a problem with Duckduckgo, rather than Tor Browser.
Why don't we see a great…
Why don't we see a great increase of traffic in https://metrics.torproject.org/hidserv-rend-relayed-cells.html after enabling CF's alt-svc .onion redirection?
!https://bugzilla.mozilla…
!
https://bugzilla.mozilla.org/show_bug.cgi?id=1325257#c10
https://www.tls13.net/
https://www.tls13.net/
https://hg.mozilla.org…
https://hg.mozilla.org/projects/nss/rev/ee357b00f2e6c44589dcd4060973578…
have the problem (Windows 10…
have the problem (Windows 10) that I am not able to save any downloads on a netwerkshare (SMB).. simply it doesn't work. also the default downlaod location can't be set to a network-share .. thanks for any hint!!
Mark
We guess we disabled that…
We guess we disabled that with
network.file.disable_unc_paths
set totrue
because of possible proxy bypasses. See: https://packetstormsecurity.com/files/149351/Tor-Browser-SMB-Deanonymiz….Why is libwinpthread-1.dll…
Why is libwinpthread-1.dll still loaded after https://bugs.torproject.org/27081 ?
I guess that's because of…
I guess that's because of https://trac.torproject.org/projects/tor/ticket/25832 but I have not checked.
So, you needed it for…
So, you needed it for Firefox, but added for every executable?
:)
:)
it is the best secure apps
it is the best secure apps
I started to use tor 8.0.2,…
I started to use tor 8.0.2, and when it starts, my antivirus detected a threat, I do not know what it was, but I'll wait a while, see what people talk about
https://www.bleepingcomputer…
https://www.bleepingcomputer.com/news/security/windows-drm-files-used-t…
For dev interest, seeing…
For dev interest, seeing this attack with 8.0.2 or 8.5a3:
- Security slider safest position.
- Do normal browsing (no JS).
- Adversary performs attack where JS is suddenly enabled (no change in website required). S symbol becomes open in front of your eyes.
- Have to destroy the VM (Disposable) immediately to limit risk of infection
Obviously there is some gaping hole weakness in NoScript and how it intersects with Tor Browser. Might wanna look into that...
Do you have steps to…
Do you have steps to reproduce that?
Nothing special. - Fresh…
Nothing special.
- Fresh Qubes-Whonix DisposableVM
- Browse.
Saw this attack on this website, Whonix v3 onion and Github. Usually appeared within 1-2 minutes of new browser session after previous DispVM destroyed. Appears to have eased, but I wonder whether they can target users of particular destination websites, or whether I'm just on their pet list (probably the latter)
Guys, please stop to put…
Guys, please stop to put Google within TOR. Google Safe Browsing for Firefox is still within the package and log users IP!
Secound, This TOR version is too slow and using too much RAM!
The Home Website to check the server TOR IP is gone, why?
And, NOSCRIPT still mark…
And, NOSCRIPT still mark Google as a trusted website. How do we get rid of Google?
How about add WebP format…
How about add WebP format support
Thank you
What do you mean?
What do you mean?
It seems they meant https:/…
It seems they meant https://bugzilla.mozilla.org/show_bug.cgi?id=1294490. Tor Browser will get that once it is in the next Firefox ESR release.
strange i have a lock on my…
strange i have a lock on my applications folder in mojave and it doesn't allow me to drag/drop tor packet.
also note
any time tor updates i typical lose functionality.
and have to tinker to get it back up.
Which functionality are you…
Which functionality are you losing? Does mojave prevent your from installing a clean, new Tor Browser?
Sorry, you have been blocked…
Sorry, you have been blocked
You are unable to access infowars.com
lol
lol
“[CloudFlare doesn’t] appear…
“[CloudFlare doesn’t] appear open to working together in open dialog, they actively make it nearly impossible to browse to certain websites, they collude with larger surveillance companies (like Google), their CAPTCHAs are awful, they block members of our community on social media rather than engaging with them and frankly, they run untrusted code in millions of browsers on the web for questionable security gains.”
https://www.makeuseof.com/tag/tor-users-blocked-major-websites/
hey im trying to get into…
hey im trying to get into the forums like the card cracking and nothing will come up it will eventually send me to a page saying the host is taking too long and to retry am i doing something wrong?
Hey! Why the fuck `firefox…
Hey! Why the fuck `firefox-esr60 --- wontfix`?
https://bugzilla.mozilla.org/show_bug.cgi?id=1472618
Haha! Stupid tor! It gave me…
Haha! Stupid tor! It gave me a shitty guard, so I changed it to obfs4 in TL. But that one wasn't good, so I changed back to normal guard and also checked firewall policy to 80, 443. AND:
Tor WARN: Failed to find node for hop #1 of our path. Discarding this circuit.
Tor WARN: Could not choose valid address for abunyasha
is spamming Browser Console until I uncheck firewall policy! Shit!
ADD AN OPTION TO CHANGE SHITTY GUARD TO NORMAL! OR DON'T CONNECT TO IT!
How to configure Tor for…
How to configure Tor for total anonimaty?, please be direct and simple, i dont speak english very well, i dont know how to configure this new tor, the only one thing that i do is put the security bar in safest, dont know fi its enought
There is nothing "total" in…
There is nothing "total" in our world, but it is much more secure to download and use Tails or Whonix.
This web site works well…
This web site works well with old versions of TBB, and with 8.0, but with 8.5a3 and with 8.0.2 it is broken. Namely, after CloudFlare CAPTCHA is passed, JS is not loaded at the page at all. With NS disabled it doesn't work also. I think something is broken after transition from 8.0.1 to 8.0.2. Could you find the problem?
I suspect this is due to the…
I suspect this is due to the weird Cloudflare setup they have. Does the cat appear if you click on the chat button? (after solving yet another CPATCHA)
Cat? Not. :) Chat - Yes…
Cat? Not. :) Chat - Yes. Indeed, sometimes CAPTCHA is asked 2nd time just before entering the chat, but this is not the problem. In 8.0.2 I always get the page, where no button is clickable. You can open this site with old TBB version and see the difference. It is just Russian analogue of talkwithstranger.com (chat with randomly selected person, where age and gender can be chosen).
WFM on Windows, 8.0.2
WFM on Windows, 8.0.2
Still does not work for me …
It still does not work for me (Linux, 64).
I see they fixed their…
I see they fixed their website today. Now it is working also for me (on Linux). Thanks to all for replies! Problem is solved.
Actually, it is not solved,…
Actually, it is not solved, most of the time it doesn't work. Now it often doesn't work even with older TBB.
However, it works fine with modern TBB if tor's traffic also passes extra (non-tor) proxy. So, Georg was right that it is not an issue of tor browser. Admins (or Google's CAPTCHA?) simply block some JS scripts based on IP address.
What's the status of…
What's the status of encrypted sni support that Cloudflare announced for TLS 1.3?
https://blog.torproject.org…
https://blog.torproject.org/events/gnu-health-con-los-palmas-spain
http://www.gnuhealthcon.org/2018-las_palmas/
please no http link !
Yes, I agree with you in…
Yes, I agree with you in general. The problem is the site is broken with HTTPS as it uses a self-signed certificate.
Torbutton cannot safely give…
Torbutton cannot safely give you a new identity. It does not have access to the Tor Control Port.
Are you running Tor Browser Bundle?
What have you been doing?…
What have you been doing? How can I reproduce your issue?
Nothing special, just…
Nothing special, just invoked New Identity.
Does this happen with a…
Does this happen with a clean, new Tor Browser downloaded from our website? Which operating system are you using?
Yes. This is on Windows 7.
Yes. This is on Windows 7.
Which Tor Browser version…
Which Tor Browser version are you using? If that is an alpha version, does it happen with a stable one as well?
Yes, it happens on every…
Yes, it happens on every version when NI takes too long.
you can't do anything with…
you can't do anything with flash player ect..
well, the update works well…
well, the update works well on my Android device, thank you so much
Can you guys please…
Can you guys please autoupdate Tor to 64 bit on x64 systems in the next patch?
You mean on Windows systems?…
You mean on Windows systems? That's https://trac.torproject.org/projects/tor/ticket/24196 and we plan to do that although there is no ETA for it. I think first we want to see our 64bit bundles work indeed fine for stable users and if so, we plan to get all 64bit system users upgraded. Maybe for 8.5.
Hrm, this release shows…
Hrm, this release shows blank pages when security.sandbox.logging.enabled
This is on Windows?
This is on Windows?
Indeed.
Indeed.
I tested both 64 and 32bit…
I tested both 64 and 32bit en-US bundles on a Windows 7 machine and surfing works as expected with sandbox logging enabled. Does the same problem show up for you with a stable Tor Browser? Which Windows system are you on?
Hm, it's a Windows 10 issue…
Hm, it's a Windows 10 issue then. Never mind.
Well, if it is then we…
Well, if it is then we should figure out whether it's a Tor Browser one. :) I suspect you used the alpha on Windows 10? Does the same happen if you are using a stable Tor Browser version?
Oh, it seems so, because it…
Oh, it seems so, because it works on stable even with level 5 sandbox.
Stable does not have level 5…
Stable does not have level 5 sandbox enabled due to a bug (see: https://trac.torproject.org/projects/tor/ticket/26381). We are testing a fix for that one in the alpha series and I am trying to understand whether that fix is causing your issue or maybe it's just sandboxing level 5 that is causing the problem. Could you double-check with a clean, Firefox ESR 60.3.0 (https://www.mozilla.org/en-US/firefox/organizations/all/)?
Sure, that's why I set it…
Sure, that's why I set it manually for testing. ESR is also not affected.
The problem solved! It was…
The problem solved! It was the advanced security hardening of Windows 10.
05:21:38.408 Failed to…
05:21:38.408 Failed to import favicon data:[Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [mozIAsyncFavicons.replaceFaviconDataFromDataURL]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gre/modules/BookmarkHTMLUtils.jsm :: insertFaviconForNode :: line 1141" data: no] 1 BookmarkHTMLUtils.jsm:1149
insertFaviconForNode resource://gre/modules/BookmarkHTMLUtils.jsm:1149:7
insertFaviconsForTree resource://gre/modules/BookmarkHTMLUtils.jsm:1177:3
insertFaviconsForTree resource://gre/modules/BookmarkHTMLUtils.jsm:1181:7
insertFaviconsForTree resource://gre/modules/BookmarkHTMLUtils.jsm:1181:7
_importBookmarks resource://gre/modules/BookmarkHTMLUtils.jsm:903:7
next self-hosted:1214:9
When working on THE tor 8.0…
When working on THE tor 8.0.2 version of the browser, it is impossible to save the entered list of trusted sites in the NoScript 10.1.9.8 add - on-when you exit and re-enter all the entered data is lost. To view the scripts, I had to turn it off. Is there a problem?
See: https://trac.torproject…
See: https://trac.torproject.org/projects/tor/ticket/27175 where we implemented a fix. Having a custom list of exceptions is generally bad news for you with respect to tracking protection which is why we strongly discourage that and especially if saving those exceptions to disk is concerned. However, we provide a possible way to get this functionality back if one really, really thinks one needs it.
Tor 8.0 still exposes your…
Tor 8.0 still exposes your OS,and Browser Referrer,the strings no longer take effect when you edit them in about:config/agent etc. Tor needs to fix this issue asap as they say they are? I would revert back to 7.5 version if you are worried about your privacy as it still works as a charm without updating to 8.0.
captcha
captcha
Why does tor fix the first…
Why does tor fix the first node where I enter the internet ?
It made me easy to be traced by malious forces and persons!!!
what the fuck are you doing?
Have you tor organization compromised the whole tor project to USA government ?
See: https://support…
See: https://support.torproject.org/en-US/tbb/#first-address-relay-circuit for the reasons behind a guard node (which is another name for the first hop in the Tor circuit).
When you think it's a good…
When you think it's a good idea using unfixed Guard Nodes after reading
https://support.torproject.org/en-US/tbb/#first-address-relay-circuit
,it's not, you can use TAILS
https://tails.boum.org
Tor NOTICE: Tor has been…
Tor NOTICE: Tor has been idle for 64185 seconds; assuming established circuits no longer work.
Tor NOTICE: Heartbeat: Tor's uptime is 1 day 2:48 hours, with 0 circuits open. I've sent 102.09 MB and received 2.54 GB.
Tor NOTICE: Average packaged cell fullness: 51.691%. TLS write overhead: 5%
Tor WARN: Failed to find node for hop #1 of our path. Discarding this circuit.
Tor NOTICE: Our circuit 0 (id: 570) died due to an invalid selected path, purpose General-purpose client. This may be a torrc configuration issue, or a bug.
Tor WARN: Failed to find node for hop #1 of our path. Discarding this circuit. Tor NOTICE: Tor has successfully opened a circuit. Looks like client functionality is working.
This is a default config of torrc in TBB => this is a bug.
Do you have ways to…
Do you have ways to reproduce it, so that we can have a closer look?
Alright, I opened https:/…
Alright, I opened https://trac.torproject.org/projects/tor/ticket/28140.
07:21:58.067 TypeError: doc…
07:21:58.067 TypeError: doc is null 1 ContextMenu.jsm:520:1
13:14:41.919 TypeError:…
13:14:41.919 TypeError: aOldNode is undefined 1 treeView.js:459:9
PTV__getNewRowForRemovedNode chrome://browser/content/places/treeView.js:459:9
PTV__restoreSelection chrome://browser/content/places/treeView.js:510:17
PTV_invalidateContainer chrome://browser/content/places/treeView.js:1106:5
notify resource://gre/modules/Bookmarks.jsm:1289:30
insertTree/< resource://gre/modules/Bookmarks.jsm:561:9
next self-hosted:1214:9
showBookmarkDialog resource:///modules/PlacesUIUtils.jsm:294:5
PCH_bookmarkCurrentPages chrome://browser/content/browser-places.js:527:5
oncommand chrome://browser/content/browser.xul:1:1
13:22:51.996 [Exception... …
13:22:51.996 [Exception... "Component returned failure code: 0xc1f30001 (NS_ERROR_NOT_INITIALIZED) [nsIMessageSender.sendAsyncMessage]" nsresult: "0xc1f30001 (NS_ERROR_NOT_INITIALIZED)" location: "JS frame :: resource://gre/modules/ExtensionUtils.jsm :: sendAsyncMessage :: line 533" data: no] 1 (unknown)
sendAsyncMessage resource://gre/modules/ExtensionUtils.jsm:533:51
_handleMessage/deferred.promise< resource://gre/modules/MessageChannel.jsm:984:9
NoScript is blocking Media…
NoScript is blocking Media on Default!
https://www.youtube.com/watch?v=D54HHf3PsP0
Works for me with my Tor…
Works for me with my Tor Browser alpha on a Debian Linux machine. How can I reproduce your issue?
Not the video! Don't you see…
Not the video! Don't you see a red number on the NoScript icon?
Hm. Yes, this seems to be a…
Hm. Yes, this seems to be a glitch in the NoScript UI as this goes away for me if I e.g. maximize the window. All more a reason to hide the NoScript UI as it is confusing. :)
Hah. But it doesn't mean…
Hah. But it doesn't mean NoScript shouldn't be fixed. :) How are you going to provide UI for temp. enabling Script/Media/etc here and there (on higher security levels) if you hide NoScript?
We have a proposal for the…
We have a proposal for the redesign (https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/101-s…), see section 2.2 for our current idea.
It would be better to add…
It would be better to add all the features (SVG, etc) to NoScript and remove Torbutton altogether as it is the only thing (except weird size) that distinguishes Tor Browser from Firefox (visually).
09:57:51.101 Error…
09:57:51.101 Error requesting favicon URL for about:reader content: favicon not found for uri 1 ReaderParent.jsm:33
onRejection resource:///modules/ReaderParent.jsm:33:13
Am I here on the right place…
Am I here on the right place for my question?
I have 2 Acer laptops. ES-11. ES1-132-C5XN and Aspire E11 ES3-111-C7Q5. With latest TOR browser updated.
With the last one, I can easily log under TOR in at all websites. With the first one it gives many problems. May be the provider blocks it in Malaysia? Before I also had some problems with bridges connection on the first computer. Meek Azure works the best. But not anymore on computer 1.
Please advise. Should I a clean install ? How do I do so?
hi, is there a way to make…
hi,
is there a way to make TOR the default browser in windows 10?
thanks,
Andres
I am very disappointed,…
I am very disappointed, because there are thousands of links but almost nothing is working. Each time a get the message about a timeout.
Am I doing something wrong? There was already somebody else raising this question some weeks ago but I saw no answer.
Thanks for any hint.
What do you mean? What is…
What do you mean? What is happening in your case? And how can I reproduce that?
We picked up the necessary…
Mozilla versions nightly by appending “beta”
Tor could version the browser with “patched”, like 60.2.1patched.
Otherwise this isn’t a proper version scheme.
We could do that, yes. The…
We could do that, yes. The risk here is that we ship untested bits (adding "patched" to the version number) in an update that needs to get out as fast as possible, though...
Hi, I'm Abhijit from India…
Hi,
I'm Abhijit from India. Can I use Tor through my dongle.
warm regards
Abhijit
I think so.
I think so.