New Release: Tor Browser 9.5.3

by sysrqb | July 28, 2020

Tor Browser 9.5.3 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 68.11.0esr, NoScript to 11.0.34, and Tor to 0.4.3.6.

Also, this release features important security updates to Firefox.

The full changelog since Tor Browser 9.5.1 is:

  • All Platforms
    • Update Firefox to 68.11.0esr
    • Update NoScript to 11.0.34
    • Update Tor to 0.4.3.6

Comments

Please note that the comment area below has been archived.

July 30, 2020

In reply to sysrqb

Permalink

Snowflake uses WebRTC. Is it still true that WebRTC leaks?
https://tor.stackexchange.com/a/1070

Does it leak in both Tor Browser and Firefox?

WebRTC APIs use JavaScript. If Snowflake is enabled, will it enable JavaScript in the browser? What will happen to the Safest setting in Tor Browser?

Yes, Snowflake uses webrtc but it is a separate program from the browser. Javascript from web content doesn't have any access to snowflake, and a web page can't use webrtc to bypass the tor client and directly connect with another server.

August 03, 2020

In reply to sysrqb

Permalink

Seems dangerous.

One must ask, why would TOR voluntarily promote a technology that's been derided by both experts and the community as a threat to privacy? This idea is equivalent of keeping a dragon in a cage, hoping it doesn't scorch you. An innocent coding error and the entire TOR userbase could have their IP exposed.

Why take such a colossal and unnecessary risk? Just use a different solution or don't do it at all. C'mon guys you can do better. You NEED to do better.

You are conflating two very different problems. The WebRTC protocol isn't dangerous by itself, it is dangerous when it is used by web applications. Snowflake is solving a very different problem and it's use of webrtc is no different than any other pluggable transport (obfs4/meek/etc.).

July 31, 2020

In reply to sysrqb

Permalink

If a machine running the tor daemon has a local user who opens Tor Browser running the snowflake daemon, could a circuit be created by an external user who connects to the snowflake daemon that uses the machine as the entry bridge and the exit relay of that circuit? (tor process and snowflake process running on same machine)

No, the snowflake client included in Tor Browser is not a snowflake proxy. The snowflake bridge in Tor Browser only accepts local connections, it does not proxy connections for other users.

July 28, 2020

Permalink

In the android version if you go at Settings->General and press the "sign in" button the browser crashes.
This happens every single time.

July 29, 2020

In reply to sysrqb

Permalink

9.5.3 I am talking about the settings, not about:config.
I am talking about the settings we use to disable/enable coookies, change search engines, etc.
Go at settings->General and in the top of the page, the first button is the "Sign in" one.
I am using the ANDROID version.
Still you can't find it?
I dont think that the version of my browser is modyfied, I have downloaded from torproject.org and the signature seems OK.

July 30, 2020

In reply to sysrqb

Permalink

I can confirm that it is there in the android version.
I dont know if it had been there, never noticed before.

July 31, 2020

In reply to sysrqb

Permalink

I am using ANDROID 8.1, i dont know why it is appearing, can i communicate with you via email and send you a screenshot?
It is there, and when I tap on it, the browser crashes.
Thanks for your support.
Does enyone else noticed that?
Or am I the only person?
How many years before did you removed it?
My very bad guess would be that malware modyfies the apk, but in all other ways it is ok, it writes 9.5.3 in top of the page and it follows the updates you do, changes happen, like the obsf4 fix, so why it would be there?

Can you check this in android 8.1 ecosystem and install the arm?
But i dont believe in any way that this will make any difference.

July 31, 2020

In reply to sysrqb

Permalink

Also note that this option is present in fennec f droid.
And your settings are the same, except the location and health support which are not in TB.
Are you 100% sure that you have removed that piece?
Can you check if this option exists in fennec f droid in android 8.1?
If it is not present, i wilk have to communicate with you via email.

July 28, 2020

Permalink

Hi Guys
i updated my tor Browser but i looked up at Tor.exe folder and it wasn't updated at all !
it looks like very old version of Tor but i installed the latest release

August 03, 2020

In reply to sysrqb

Permalink

Cool, because that functionality has been missing ever since Tor Browser moved to the version of Firefox that removed the shift+f2 console with the screenshot command.

Can you provide any more details about this? Did you receive any error messages? Did you upgrade from a previous version? Did you click any buttons in the browser before your bookmarks disappeared?

My bookmarks are here on an auto-updated desktop version from 9.5.1 to 9.5.3. Years ago, I made a habit to export them before major changes such as if the first or middle number is going to change, if I'm reinstalling Tor Browser to reset everything, if I'm going to reconfigure something that could affect the bookmarks, or if I use Tails.

The last time I remember hearing about bookmarks disappearing was when the Android version changed away from Orfox in September 2019: https://blog.torproject.org/orfox-paved-way-tor-browser-android

To everyone having bookmark problems: Please answer the questions sysrqb has asked the others, and include your OS. No one has stated yet if the problem appears on all OS or just Android.

My bookmarks have disappeared as well - they still exist in book mark backups BUT Tor fails to import any of the backups I select...and none of the fixes in the support pages appear to work either. Naturally I am kindly notified that they don't work when tor opens with the message that another program has the file open so I won't be able to access them....
Have tried most of whats in the support pages...but nothing works...

July 30, 2020

Permalink

Tor updated on the 28th july now i cant delete temp book marks from the libruary, how do i revert to an earlier edition ?

July 30, 2020

Permalink

After update............restart Tor.
"The bookmarks and history system will not be functional"

August 01, 2020

In reply to sysrqb

Permalink

Same issue.

Attempted all steps in "fix" document. Nothing restored the bookmarks.

Attempted to import bookmark auto-backup from a few days ago (prior to update). Error says bookmark file cannot be processed.

I had this problem. When I disabled Avast and reinstalled TBB 9.5.3, the problem was solved. That means no more trouble even after Avast was re-enabled. Please note:
"The bookmarks and history system will not be functional because one of Firefox's files is in use by another application. Some security software can cause this problem." My security software needed a nap while I installed TBB.

August 01, 2020

Permalink

Hello, the question I've asked recently regarding the constant NoScript warning that covers my screen has not gotten a response this time whereas I had a nice chat a year or so ago on this topic. So now it persists; should I overide the security level preset or what? I don't wish to harp on this, it is just relentless at times.

August 01, 2020

Permalink

Hi,

Does anyone know why the update Firefox works in Tor but when not using Tor the update Firefox v79 does not access the internet?

Version 78.0.2 does access the internet but when I download v79 and do NOT change any security setting ie firewall, antivirus, proxy if indeed I am using a proxy etc, Firefox deletes my bookmarks addons and says it can not access the internet

I'm not sure if this is the correct place to ask but it seems strange to me that the update works only in Tor.

NB Please note I am not a technician in my understanding of answers.

However, I do know that I have not done anything different in upgrading to v79 than I did to upgrade to 78...77...76 etc.

Thank you.

August 01, 2020

Permalink

My bookmarks are gone. I can not add new pages. I can not restore them from backups. The instruction from FF page does not work. Give me back my bookmarks!

August 04, 2020

Permalink

y is the same thing copy pasted in full changelogs ?
isnt it meant to be detailed ?
like what changes actually came with these ?

Update NoScript to 11.0.34
Update Tor to 0.4.3.6

August 05, 2020

Permalink

"The bookmarks and history system will not be functional because one of Firefox's files is in use by another application. Some security software can cause this problem."

Downloaded earlier versions, installed them and this problem vanishes!

August 06, 2020

Permalink

I am also getting the same message about bookmarks and history system not being functional and when I try to download something...nothing happens...check the library and it is blank. Here is the specific message. I tried all the suggested solutions and none worked:

The bookmarks and history system will not be functional because one of the Tor Browser's files is in use by another application. Some security software can cause this problem.

August 06, 2020

Permalink

What is problem??help me.

"Couldn't sign you in This browser or app may not be secure. Try using a different browser. If you’re already using a supported browser, you can refresh your screen and try again to sign in."

August 07, 2020

Permalink

What are the benefits of constant private mode over regular customized mode with no history and delete everything on close?

August 08, 2020

Permalink

Hi . I cannot disable ipv6 . And snowflakes is not appareing. Bridge :Obfs 4 or Azure . The only one solution to block ipv6 is behind a vpn . Or using new Orbot version and let them working both.

August 11, 2020

Permalink

This description of a defect in 9.5.3 is being presented in this forum because the read-only Tor Trac Bug Tracker and Wiki site did not migrate my account to The Tor Project's Gitlab! site, and The Tor Project's Gitlab! site has not replied to my request for Account Creation.

Testing proves this defect is equally present in versions 9.5.3, 9.5.1, and 9.5, but it is not present in 9.0.10, 9.0.9, and 9.0.4.

In 9.5.3 (and in the aforementioned versions) setting modified configuration about:config > layout.css.devPixelsPerPx Value 2.4 is necessary to prevent user eyestrain and eye fatigue when using Tor Browser on MacBook Air 13-inch laptop.

However, when 9.5.3 (and 9.5.1 and 9.5) is using modified Value 2.4 when the browser starts, the window opens at screen resolution w:998 x h:599 across browser sessions, letterboxing displays the screen resolution at w:348 x h:399 and w:798 x h:599 across sessions when adjusting the window size manually, and Enter Full Screen displays the screen resolution at w:1198 x h:599 across sessions.

In 9.5.3 (and in 9.5.1, 9.5, 9.0.10, 9.0.9, and 9.0.4) selecting modified Value 3.0 and restarting Tor Browser opens the window at screen resolution w:800 x h:500 across browser sessions, but Value 3.0 causes the inner and outer windows, inner window content, and bookmarks folders and text in the Bookmarks Toolbar visible beneath the URL Address Bar to be excessively oversized, objectionably too large, and user unfriendly.

In contrast, modified Value 2.4 hits the sweet spot where all is good.

When versions 9.5.3, 9.5.1, and 9.5 are using modified Value 3.0 when the browser starts, and the user immediately sets modified Value 2.4, the window instantaneously displays screen resolution w:1000 x h:600, but only for that browser session, manually adjusting the window size correctly displays the screen resolution at a design multiple of w:50 x h:50, w:100 x h:100, or w:100 x h:200, but only for that session, and Enter Full Screen displays the screen at w:1200 x h:600, but only for that session.

Restarting 9.5.3, 9.5.1, and 9.5 while they are using modified Value 2.4 opens the window at screen resolution w:998 x h:599 across sessions, letterboxing incorrectly displays the window at screen resolutions w:348 x h:399 and w:798 x h:599 across sessions when adjusting the window size manually, and Enter Full Screen opens the window at w:1198 x h:599 across sessions.

In contrast, when versions 9.0.10, 9.0.9, and 9.0.4 are using modified Value 2.4 when they start, the window opens at screen resolution w:1000 x h:600 across browser sessions, letterboxing correctly displays the screen resolution only at some multiple of w:50 x h:50, w:50 x h:100, or w:100 x h:200 when manually adjusting the window size across sessions, and Enter Full Screen opens the window at screen resolution w:1200 x h:600 across sessions.

Can we fix this defect so that when Tor Browser is using modified configuration about:config > layout.css.devPixelsPerPx Value 2.4 when it starts, Tor Browser (1) opens the window at screen resolution w:1000 x h:600 across browser sessions, (2) letterboxing sets a correctly conforming multiple of screen resolution when manually adjusting window size across sessions, and (3) Enter Full Screen displays the screen resolution at w:1200 x h:600 across sessions?

Tor Browser versions 9.5.3, 9.5.1, 9.5, 9.0.10, 9.0.9, and 9.0.4 are using the following Customize settings in the screen resolution tests that prove the described observations:

(1) Customize... > Toolbars > ✓ Bookmarks Toolbar

(2) Customize... > Density > Compact

(3) Customize... > drag ★Bookmarks Toolbar Items into Bookmarks Toolbar

(4) Customize > Title Bar, Drag Space, and Themes are at their default settings.

Thank you

August 15, 2020

Permalink

Enterprise Policies are botched?

All Updates in Enterprise Policies are off but HTTSEverywhere tries downloading new rulesets?

HTTPS-Everywhere is not controlled by Enterprise Policies. You can disable addon updates by going to `about:addons`, select the Gear/Settings button and uncheck "Update Add-ons Automatically".

August 17, 2020

Permalink

I was just in the middle of watching a video, and the video stopped and a yellow box showed up over the player. Then, I noticed the Noscript icon had a red line through it. My shield is on safer, and I had allowed media in Noscript which is how I was watching the video, but it's as if it was reset all of a sudden. Remembering older comments, I looked at Noscript's information in Add-ons, and it says it updated today to version 11.0.38. Did Noscript's update cause my video to stop playing? Because seeing my permissions suddenly change by themselves freaked me out.

August 20, 2020

Permalink

TypeError: aBrowser is null SessionStore.jsm:1159:9
updateSessionStoreFromTablistener resource:///modules/sessionstore/SessionStore.jsm:1159
updateSessionStoreFromTablistener resource:///modules/sessionstore/SessionStore.jsm:443
SSF_updateSessionStore resource://gre/modules/SessionStoreFunctions.jsm:441
UpdateSessionStore resource://gre/modules/SessionStoreFunctions.jsm:19