Tor Browser 4.5.2 is released
A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
Tor Browser 4.5.2 provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.9, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.
Here is the complete changelog since 4.5.1:
- All Platforms
- Update Tor to 0.2.6.9
- Update OpenSSL to 1.0.1n
- Update HTTPS-Everywhere to 5.0.5
- Update NoScript to 2.6.9.26
- Update Torbutton to 1.9.2.6
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Bug 14429: Make sure the automatic resizing is disabled
- Translation updates
- Bug 16130: Defend against logjam attack
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Linux
- Bug 16026: Fix crash in GStreamer
- Bug 16083: Update comment in start-tor-browser
Comments
Please note that the comment area below has been archived.
> Update OpenSSL to 1.0.1n I
> Update OpenSSL to 1.0.1n
I take it then that Tor/Firefox are not effected by the HMAC ABI breakage that required the v1.0.1o release of OpenSSL the day after v1.0.1n?
That is our current
That is our current understanding, yes. Thus, even pointing to a system tor or copying a self-compiled tor into the respective Tor Browser directory should not break things for users.
The regular Tor Browser update in two weeks will ship with OpenSSL 1.0.1o then.
By the way: "The regular Tor
By the way:
"The regular Tor Browser update in two weeks"
Will this update be 4.5.x or 5.x.x ??
4.5.3 ad 5.0a3
4.5.3 ad 5.0a3
To: mikeperry, gk, arma,
To: mikeperry, gk, arma, erinn, et. al.
Firstly thanks for bringing out the latest update.
Secondly, according to gk, the next update of Tor Browser will include OpenSSL 1.0.1o.
Please, please, co-ordinate with Tails' developers so that Tails will have a Tor Browser that includes OpenSSL 1.0.1o and the latest updates from you guys. Your ability to work with Tails as a team and in-sync would be appreciated. For your info, according to Tails' website, the next update of Tails is scheduled for June 30.
Yes, the next Tor Browser
Yes, the next Tor Browser release is scheduled for the same day. So, everything should work out.
Why not using OpenSSL 1.0.2c?
Why not using OpenSSL 1.0.2c?
My Windows PC has the
My Windows PC has the OpenSSL 1.0.2 branch in the system directory. Do you perceive possible conflicts with TorBrowsers OpenSSL 1.0.1 when using TorBrowser?
Are there security/anonymity benefits of using OpenSSL 1.0.1 over 1.0.2?
Are there security/anonymity
Are there security/anonymity benefits of using OpenSSL 1.0.1 over 1.0.2?
You will receive a faster response if you re-post your question on https://tor.stackexchange.com/
What's with the first
What's with the first question of that post Mr. Picky?
> You will receive a faster
> You will receive a faster response if you re-post your question on https://tor.stackexchange.com/
No, you won't. I asked the same question over a month ago and got no responses.
What's the difference
What's the difference between "new identity" and "new circuit for this site"?
New identity clears the
New identity clears the browser state.
What's the difference
What's the difference between "new identity" and "new circuit for this site"?
You will receive a faster response if you re-post your question on https://tor.stackexchange.com/
"New Tor Circuit for this
"New Tor Circuit for this Site" just gives you a new Tor circuit for the particular website leaving all your browser state (cookies, etc.) untouched. "New Identity" gives you basically a clean, new browser session.
Thanks guys!
Thanks guys!
Not sure if a bug - windows
Not sure if a bug - windows resizing is not working properly. When I open tbb and go to ipcheck.info my monitor screen sizes varies from 999 x 490 pixels and other variations of this instead of the default size intended for TBB.
works without problem on my
works without problem on my system: when I open ipcheck.info, I get 1000x600 pixels, which seems to be the intended value.
which operating system do you use?? maybe your window manager will mess up things...
I get--> Browser window
I get--> Browser window 1004 x 632 pixels (inner size)
on Windows.
The link
The link "https://weakdh.org/" is not working. I always get that "Problem loading page" thing...
The time: 14:30:00 UTC
now it works! I guess I was
now it works! I guess I was simply too impatient ::-)
ERROR: Not all signatures
ERROR: Not all signatures were verified
Is the signature's process during update not yet ready ?
What is broken in particular?
What is broken in particular?
The error message during the
The error message during the update is scary:
Jun 17 20:55:54.000 [notice] New control connection opened from 127.0.0.1.
ERROR: Error verifying signature.
ERROR: Not all signatures were verified.
Jun 17 20:56:15.000 [notice] Owning controller connection has closed -- exiting now.
Did we install hacked software?
No, see:
No, see: https://bugs.torproject.org/15532 for the background of this issue.
Some files from
Some files from https://dist.torproject.org/torbrowser/4.5.2/ has 0 byte size
for example: tor-win32-0.2.6.9.zip, torbrowser-install-4.5.2_it.exe, TorBrowser-4.5.2-osx64_es-ES.dmg.asc and others.
This should be fixed now,
This should be fixed now, thanks for reporting.
What is the fix for Logjam,
What is the fix for Logjam, disabling DHE ciphers or requiring minimum bitness, and If bits, how many?
Disabling DHE ciphers is one
Disabling DHE ciphers is one option but Mozilla did not do this. Rather, the fix we backported bumped the minimum key size. It is now 1024 bits.
Ok, thanks :)
Ok, thanks :)
SHA256 checksum doesn't
SHA256 checksum doesn't verify
https://dist.torproject.org/torbrowser/4.5.2/sha256sums-unsigned-build…
2de1e369dea4b2c6a1192bad8b65e9cfb70ea2830ddb2ab0305be95cddbcda84 torbrowser-install-4.5.2_en-US.exe
As the name of the file
As the name of the file implies this is the checksum of the *unsigned* .exe. Have you stripped the authenticode signature first, before comparing the SHA 256 sums? See: https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerif…
SHA256 checksum doesn't
SHA256 checksum doesn't verify
My personal experience is if you are using Microsoft Windows OS, you could try installing gpg4win and use it to verify torbrowser-install-4.5.2_en-US.exe.asc against torbrowser-install-4.5.2_en-US.exe
gpg4win is available for free from: http://www.gpg4win.org/download.html
AVG attacks Torbrowser
AVG attacks Torbrowser durning installation. (4.5.2 WIN)
Hadn't happened here, with
Hadn't happened here, with AVG on my Windows.
Same. Tried installing it
Same. Tried installing it differently as well.
same. AVG detect Unknown
same. AVG detect Unknown Virus during installation / upgrade of 4.5.2
Win 7
AVG exactly found a threat
AVG exactly found a threat named "IDP Generic Whitelisted". If let it repaire it deletes the tor.exe. Or you should add to AVG exceptions. I`v controlled the fingerprint and it was OK, but i don`t want punch a hole on my firewall with the exception. Please help me find a solution.
Tor browser is often unable
Tor browser is often unable to connect to the Tor network or pages
do not load.It works well only in Linux.I am in Russia.Can somebody
help?
I've tried to download the
I've tried to download the italian version but it's 0 byte large.
Can you check and solve this problem?
Thanks.
This should be fixed now,
This should be fixed now, thanks for reporting this issue.
Tor had finally been working
Tor had finally been working well for commenting on political sites. I could get a new circuit quickly, which is necessary for sites that have blocked many of Tor exit IPs. It is necessary to try many IPs before a post can get through the site's block list.
Now it is frigged up again, since getting a "new circuit for this site" reloads the page. The process takes much longer. Why did you change what had worked well?
If you people have no conception of what it is like to try and use Tor for online commenting, what in heaven's name are you using Tor for? Pirating movies?
Maximizing the browser
Maximizing the browser window still does not work (4.5.2 WIN). The maximize window button does odd things: resulting window too high for screen, or window reduced to a bar. I'd like to start maximized. What can I do?
Are you sure you want to
Are you sure you want to maximize? Are you aware of the fingerprinting implications?
I have the same issue.
I have the same issue. Unable to expand the TOR browser window. (Version 4.5.2 Windows 8.1) I could not find any options to correct this problem. Please help.
Domain isolation still
Domain isolation still broken. Can't download anything from any file host tried. When will this be a toggle?
Could you give me steps to
Could you give me steps to reproduce your problem?
And on 4.5, only worked
And on 4.5, only worked sometimes or with a new circuit created manually.
Link gets deleted because
Link gets deleted because *obviously* it is evil. If repeat, look at end of ticket 15933, and just find any link to that site anywhere. Last worked on 4.5
tor-browser-linux32-4.5.2_en-
tor-browser-linux32-4.5.2_en-US does not work for me:
$ ./start-tor-browser
$ echo $?
126
"If a command is found but
"If a command is found but is not executable, the return status is 126." For some reason you need to do a chmod +x on the file first. How and where (file system) did you extract the .tar.xz in the first place? What are the permissions of the script after extraction in your case?
7zip, ext4 and 644. I
7zip, ext4 and 644. I already found the instructions here https://www.torproject.org/projects/torbrowser.html.en#downloads
Thanks.
Downloaded this update
Downloaded this update multiple times, crashes immediately on launch, says to send the tor log, but the log is completely empty. This is 64-bit Mac OS X version.
Did 4.5.1 work for you (and
Did 4.5.1 work for you (and still does)? You can find it on: https://archive.torproject.org/tor-package-archive/torbrowser/4.5.1/
error ssleay32.dll tor
error ssleay32.dll tor missing file / bad install...avg error.
did a "restore" through avg after some fiddling and it "solved" it; but I'm not convinced currently. Gonna hit 4.5.1 for now.
4.5.1 is bringing up the error now too...
the website
the website (https://webmail.hostinger.com.br/auth) dont work with this version of Tor Browser.
and Tor Browser still with issues in Google recaptcha. =(
What do you mean with "dont
What do you mean with "dont not work"? It does not load, or...? And did it work with a former version? If so, which one?
The website
The website webmail.hostinger.com dont load.
the page show a blank page in a infinity loading.
Tor Browser doesn't have
Tor Browser doesn't have issues with Google recaptcha, Google recaptcha has issues with Tor Browser, or more specifically an issue with clients without javascript enabled.
ReCaptcha is still not
ReCaptcha is still not working. No images:
https://www.google.com/recaptcha/api2/demo
Yes, we are aware of it.
Yes, we are aware of it. See: https://bugs.torproject.org/16267
Please, give me a link to
Please, give me a link to download last version of the previous branch (4.0.8) for Windows (.exe) and its signature (.asc). Directory https://www.torproject.org/dist/torbrowser/4.0.8/ is gone and there is no trace available on the Internet. I need to use torbrowser with HTTP proxy. New versions 4.5.x do not support this.
Update. I managed to find
Update. I managed to find torbrowser-install-4.0.8_en-US.exe. If someone has PGP signature for this file (contents of .asc), please post it here for sure that the file is not trojaned.
torbrowser-install-4.0.8_en-U
torbrowser-install-4.0.8_en-US.exe.asc
This is not
This is not recommended!!!
...but, yeah:
https://archive.torproject.org/tor-package-archive/torbrowser/4.0.8/
Tor Browser versions 4.5.2 &
Tor Browser versions 4.5.2 & 4.5.1 for OS X are working usually fine.
But Tor Browser is actually crashing already for a long time on some webpages.
Tried to reproduce this again with the 4.5.2 version on this news page form dr.Web antivirus company, where this problem almost always is happening.
https://news.drweb.com/show/review/?lng=en&i=9461
Trying to directly print this page as a file, not using the preview option, results in a complete browser crash almost every time.
The crashes are not happening when I completely disable the page css, but you need to install an extra browser extension for that to accomplish printing without css lay out.
This crash was without any extra browser extension so it could not be addressed to that.
A very little piece of the crash report.
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000…….
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
The Dr. web site is only one of the sites thats causing a complete crash on printing as a file.
Now is this a Tor Browser problem or a very smart or bad webdesigned (css) way to prevent visitors printing a page?
I did not mention this before because it's only happening on some webpages.
What OS X version are you
What OS X version are you using? How do you print it? Could you give me the steps to reproduce the crashing?
Hi GK, I did not test it
Hi GK,
I did not test it yet on OS X 10.10 Yosemite but the crashes on the page mentioned are happening in two older different OS X versions.
Got another crash one, different OS X system
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000…….
Anyway, I figured out that it probably has something to do with the NoScript settings after I did bring the Torbutton slider to the security setting 'Very Much Higher'.
Now, because you do not have the spec for that (yet ;), where can I upload that particular "Very Much Higher" Noscript config?
Pasting the exported specific NoScript settings as plain text would take too much space here.
Also images can say more then a thousand words but there's not an upload function for that (?).
The crash procedure is quite simple.
Visit the particular page of Dr.Web
https://news.drweb.com/show/review/?lng=en&i=9461
Do not allowing javascripts, give a printing command (cmd P), window appears, take in the left corner below the pdf button and choose under the arrow the hidden menu the option "Safe as pdf" , choose a location for storing the file, enter, wait a moment, swoosh there vanishes your browser.
I did also change the page lay out settings a bit, I don't like the url on the right side because a lot of times it's leaving the page and therefore not to use afterwards, so I put it on the left side. Did remove the printing date as well.
I really do think it has something to do with these manual extra secure NoScript settings, I'll try to reproduce this later on OS X Yosemite 10.10 as well.
Hi again GK, Tested the
Hi again GK,
Tested the print crash problem on another machine with OS X 10.10.3 Yosemite and Tor Browser 4.5.2 (3100.1.1) X86-64 (Native).
It gave another crash again on the particular dr. Web sitepage.
Part of the crash report again :
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000……(some more numbers and letters)..
VM Regions Near …….:
VM_ALLOCATE …(some more numbers and letters)... [ 2824K] rw-/rwx SM=PRV
-->
VM_ALLOCATE …(some more numbers and letters).. [ 1024K] rw-/rwx SM=PRV
Extra note is that this problem exist on other websites as well (not a majority) but I just could remember this site doing this.
It seems OS X version independent, I tested it now several times with different Mac’s and different OS X versions, from the oldest supported X (by Torproject) to the newest OS.
Maybe you can reproduce this problem by setting NoScript almost as strict one can do, or otherwise just let me know where to paste an example of the used NoScript settings for this Crash matter.
If this is related to a
If this is related to a NoScript setting could you try to isolate that one? I tried to follow your steps with the security slider set to "High" on an old OS X system (10.6.8) but I did not get to crash my Tor Browser. Opening a bug on https://bugs.torproject.org might be a good way as well to track this issue further down.
Unable to expand the TOP
Unable to expand the TOP browser window. (Version 4.5.2 Windows 8.1) I could not find any options to correct this problem. Please help.
AVG 2015 detects "tor.exe"
AVG 2015 detects "tor.exe" for the "tor 4.5.2" as a threat and don't give any other option than deleting :(
I have the same issue.
I have the same issue.
same
same
Tor 4.5.2 update OK but when
Tor 4.5.2 update OK but when I ran it, AVG identity protection claims it could be a malware.
Unable to expand the TOR
Unable to expand the TOR browser window after update to version 4.5.2 (Windows 8.1, Windows 10, FullHD 1920x1080) I could not find any options to correct this problem. The problem occurs immediately after you make any change in your browser settings. The same problem also occur in version 5.0a2. Please help.
Be very sure you know
Be very sure you know exactly what your asking; Tor Browser is moving towards set browser window sizes for a reason! You're opening yourself up to browser fingerprinting.
Do you have steps to
Do you have steps to reproduce your problem?
Why do you not all work on
Why do you not all work on the Tor Project Browser? That way, we can keep releasing new version so much faster. You are all lazy punks, posting comments and wasting time. Go sign up and volunteer to work on this project, or else...
Or else Astoria will reign supreme!!!!!!!!!!!!!!!!!! HWAHAHAHAHA!
Whenever I search a term
Whenever I search a term using the right click->"Search for *", it goes to the disconnect search page and NoScript gives error "NoScript filtered a potential cross-site scripting (XSS) attempt from [chrome]. Technical details have been logged ..." How would I go by searching like this without disabling NoScript/temporarily allowing scripts?
By the way, there's a extra word typo and it says "Search Search for * instead, not sure if Tor devs should fix it or report it Mozilla.
Maybe try adding a whitelist
Maybe try adding a whitelist entry on NoScript Options --> Advanced --> XSS ?
The "Search Search" is
The "Search Search" is coming from the fact the we are using "Search" instead of "Disconnect" as our search engine name as users might get the feeling they are disconnecting from the Tor network with the search bar otherwise. Seems we can't win here. :/
I need to investigate the XSS warnings. Maybe Disconnect or we can do something about them. I've created https://bugs.torproject.org/16425 for it.
Why not abbreviate to DC or
Why not abbreviate to DC or Disc.? Would be better than leaving it as Search Search
SERIOUS: I was using TBB for
SERIOUS: I was using TBB for like an hour and then i visited ipcheck.info and it said that I was not using TOR and it could uniquely identify me!
Your IP:
213.61.149.100 (Proxy)
Cache (E-Tags) -> produced a number
HTTP session - > unlimited
Referrer: shown
and various other factors of identification! Why has this happened??
Potential bug: I set
Potential bug: I set NoScript to disallow all scripts globally, however if I set the tor button security setting to "Medium-High" it overrides the NoScript setting and allows scripts. This is pretty confusing.
This is a actually a feature
This is a actually a feature to avoid people shooting themselves in the foot by having different configuration settings. We provide four different security levels which govern JavaScript settings as well in a less-fingerprintable way.
Ok, this is alright if it's
Ok, this is alright if it's by design. The confusing part was, that it won't allow me to setup a more restrictive setting for NoScript. Now, that I know this, it's okay. Thank you for your effort!
I also have AVG detecting an
I also have AVG detecting an unknown threat in the update. What do I do now? I'm using Windows 8.1.
tor very great tor browser
tor very great
tor browser vulnerable to hacking,man-in-the-middle-attacks,viruses,spyware,etc
tor browser secure
thanks tor project to securing tor browser
I can not post
I can not post in
https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-june-17th-20…
so i try here:
"persistent Tor state for Tails?... advantage of the “entry guards” concept..."
wouldn't be a problem if user can set this on or off like "internal hdd mount" before login.
In present you can use Vidalia for a similar feature.If you want.
"In present you can use
"In present you can use Vidalia for a similar feature.If you want."
Right.
And the user can set HIS prefered entry,directory guards from the relay list in Vidalia. It would be really WORSE + a problem if TAILS denies custom entry.
The possibility to make custom entry persistent on DVD/USB woud be nice,too.
Somehow, with the new 4.5.2
Somehow, with the new 4.5.2 on Win7 64, Tor suddenly will NOT start at all.
I also tried the 5.0a2, which did the same. Older versions of Tor still work on my system.
Do you get error messages?
Do you get error messages? What does "NOT start at all" mean? You don't see any Tor Browser configuration dialog? Or just the browser is not showing up? Do you have an Antivirus program running? If so, which one?
Bridges do NOT work in this
Bridges do NOT work in this version of TBB for Linux. Whether obfs3 or obfs4, default bridges or manually entered, Tor will not be able to connect. You can only connect if you don't use bridges. Fix this, please.
Hi Mr. Perry I'm a Windows 7
Hi Mr. Perry
I'm a Windows 7 user and have been using Tor Browser for the past 5-6 years on both Windows XP & 7 successfully . In fact Tor has been working flawlessly for me up to the last 10 days . I have not been able to connect to Tor since then . I continuously get the message " no route to host ***.***.***.***:*** ".
The problem,in my opinion,started with version 4.5 and on later .
I have been getting bridges that resulted in the same result : no route to host .
In the meantime , I have been able to connect to FREEGATE software easily which IT SAYS "CONNECTED TO 7 SERVERS".
A few hours ago I got three more obfs3 bridges and I'm now connected to Tor and posting this message (comment ) .
By the way , I'm in Iran .
It seems that the censors have found a way to block Tor in Iran .
Please investigate my comments and try to find out a solution to the problem for the Iranians.
I don't know whether it's relevant or not :
I opened regular Firefox and after a minute or so I opened Tor Browser connect page and after 4 to 5 minutes I got connected . I did the same with other browsers and even when Freegate software was running and I could not get connected to Tor.
I'm anxiously awaiting for your new and improved Tor Browser .
What are the Tor devs
What are the Tor devs opinion on this: https://www.reddit.com/r/linux/comments/3af3q4/firefoxs_private_browsin…
Why sometimes firefox.exe is
Why sometimes firefox.exe is trying to connect to svchost.exe process?
I still have Chatzilla
I still have Chatzilla problem on Linux, when connecting: "error creating socket".
I added SocksPort 8150 NoIsolateSOCKSAuth below SocksPort 9150 in torrc-defaults
What do i put in Chatzilla >> Preferences >> Global Settings >> Proxy Type: ?
Neither of http://chatzilla.hacksrus.com/faq/#proxy settins works
Where is the newest release
Where is the newest release of Tor Browser?
https://www.torproject.org/do
https://www.torproject.org/download
Cloudflare has changed his
Cloudflare has changed his ugly behaviour blocking normal surfing with tor and is
working with most(?) exit relays?
That would be nice.
Have you changed the way the
Have you changed the way the scrolling through pages with the arrow down key works? Ever since this update it seems using the arrow up and down keys to move up and down a webpage results in different behaviour. Whereas before it would scroll down evenly and smoothly, now it makes sudden jumps and seems to act more like a tab key! I dont think it is performing tab function though. It will work well when scrolling through text for example, but then will suddenly change.
It seems like the arrow keys might be causing the cursor to jump to sections of text as if you are in a word processing program rather than on a webpage! It is very annoying whatever it is and I think it should be changed back. It also caused trouble when trying to select a body of text using the shift key + the up or down arrow, suddenly deselecting a section of text that had already been selected and jumping to another section. Is this a bug or was this deliberate to try and achieve something?
I am trying to download the
I am trying to download the Tor browser and verify that the download is secure. Tor instructions read:
-----------------------------------------------------------------------
To verify the signature of the package you downloaded, you will need to download the ".asc" file as well. Assuming you downloaded the package and its signature to your Desktop, run:
For Mac OS X users:
gpg --verify ~/Desktop/TorBrowser-4.5.3-osx64_en-US.dmg{.asc*,}
---------------------------------------------------------------------------
The download does not include the .asc file and I cannot find it to download. Anyone know where it is?