Tor Browser 5.5a1 is released
The Tor Browser Team is proud to announce the first alpha release in the 5.5 series. The release is available for download in the 5.5a1 distribution directory and on the alpha download page.
This release features important security updates to Firefox. In particular, while the recent PDF.js exploit did not affect 4.5 users, it does affect users of 5.0a3 and 5.0a4. Although the High security level of the Security Slider also prevented the exploit from working against even those users, all alpha users are still strongly encouraged to upgrade as soon as possible.
In addition to fixing these security issues, the remaining major issues with Firefox 38 from 5.0a4 were also fixed. This release also features improvements to fingerprinting defenses. In particular, we continue to refine our font fingerprinting defense that was added in 5.0a4. With this defense, Tor Browser now ships with a standard set of fonts, and prefers to use the provided fonts instead of native ones in most cases. Interested users are encouraged to help us refine this defense by commenting on the associated ticket in our bugtracker.
This release also will reset the permanent NoScript whitelist, due to an issue where previous NoScript updates had added certain domains to the whitelist during upgrade. The whitelist is reset to the default for all users as a result, and future updates to the whitelist by NoScript have been disabled.
Here is the complete changelog since 5.0a4:
- All Platforms
- Update Firefox to 38.2.0esr
- Update NoScript to 2.6.9.34
- Update Torbutton to 1.9.3.3
- Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
- Bug 16730: Reset NoScript whitelist on upgrade
- Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
- Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
- Bug 14429: Make sure the automatic resizing is enabled
- Translation updates
- Update Tor Launcher to 0.2.7.7
- Translation updates
- Bug 16730: Prevent NoScript from updating the default whitelist
- Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
- Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
- Bug 16311: Fix navigation timing in ESR 38
- Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup)
- Bug 16672: Change font whitelists and configs for rendering issues (partial)
Comments
Please note that the comment area below has been archived.
Same bug again: once the
Same bug again: once the "SocksListenAddress 0.0.0.0:9150" added into torrc , Tor Browser 5.5a1 will crashed at start, so as Tor Browser 5.0. I am a chinese user,so I cannot use whonix without "SocksListenAddress 0.0.0.0:9150".
Browser 5.0 will crashed
Browser 5.0 will crashed
Yes. Tor Browser is
Yes. Tor Browser is crashing. I have also found that if I search for gmail or yahoo I have found two hacks to my accounts. One was at 3 am East time...(I am not up at that time of the morning.... One just now in Yahoo. It came up in another language (other than English) with an unknown USER NAME sitting at the top of the screen where mine usual sits.
Does anyone have any idea what the heck this is about?
And Yes it took no time at all for Gmail and Yahoo to ask me for 'proof it was me'.
I still use Vidalia to view
I still use Vidalia to view Tor traffic, manage tor relays, circuits, is there any vulnerable bug to stop using Vidalia?
When installing Tor bundle
When installing Tor bundle "torbrowser-install-5.0_en-US" in Windows 10, and trying to open Tor I get the following message:
XML Parsing Error: undefined entity
Location: chrome://browser/content/browser.xul
Line Number 1401, Column 11:
Do not use Tor over Win10.
Do not use Tor over Win10.
Since Win10 has keyloggers connected to Microsoft, enough to know what are you searching or which people are you talking.
You need to remove the
You need to remove the installation you have even if it is the current version, and download a fresh installation.
Keeps crashing on mac, when
Keeps crashing on mac, when accessing tumblr,
same here! Does anyone know
same here! Does anyone know why it keeps crashing when using Tumblr? Has anyone contacted TOR about this issue?
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/ticket/16771
The bug says Google Maps, but the tumblr crash is identical (someone reproduced it, and the stack trace was the same there). So, yes, someone's filed a bug about it, it's a know issue that's been root caused, and is being fixed.
Thank you for replying! So,
Thank you for replying! So, when it gets fixed, will I have to download and install a new version of TOR or will it update itself next time I launch it? Also, any idea of how long will it take them to fix it?
You get notified when a new
You get notified when a new version is ready and can use the internal updater. We are currently testing a bugfix Tor Browser which gets released shortly.
Yeah, I always see notices
Yeah, I always see notices on the "About Tor" page about when there's a new version out. But I wanted to make sure and ask because I didn't know if fixing this bug was something that required a total new download of the app or something that could get fixed like, for example, one of the extensions. The other day I saw that the extension NoScript was gonna be updated next time I restarted my browser/TOR without the need to download and instal a new version of it. Thank you for replying!
I am currently using tor
I am currently using tor browser bundle 5.0 ... is there good feedback on this alpha 5.5 yet? should i just stick with this until the full release? I also noticed reset in white list .... what does this mean for me if i download? do i have to config anything ? I do not have a tor browser drop down like i see in people's videos .... the orange bar "tor browser" in the top left corner why is this ? is it just because my browser type or is that a plugin or something added to the bundle by users ?
not completely tech / computer savvy ... don't worry i am motivated to learn xD it's just not as easy when reading and not having someone there to explain in real time or chat with at least . I barely knew how to change my face book settings not too long ago though so .. i think i am doing alright ... so ignore the noobness of my questions .
try alpha 5.5 if you want to
try alpha 5.5 if you want to use tor browser a bit more and report any bugs or improvements if you come across any
Works flawlessly
Works flawlessly
Crashes a lot since updating
Crashes a lot since updating to 5.0
The New Version 5.0 is very
The New Version 5.0 is very bad, because under Page-Info the Media-Info is missing.
THisn is not Uswrfriendly. AVOID THIS!!!!!!!!!!!!!!!!!!!!!!!.
i do not update , i download
i do not update , i download the new stable version 5.0 : no problem.
do not forget that downloading unstable version are for test bugger & dev.
Does this version still have
Does this version still have NoScript disabled by default which helped the FBI bust hidden services in previous years?
https://thehackernews.com/201
https://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-por…
Be sure you're running a recent enough Tor Browser Bundle. That should keep you safe from this attack. Windows users are advised to Update Tor Browser Bundle, version 2.3.25-10 (released June 26 2013), 2.4.15-alpha-1 (released June 26 2013), 2.4.15-beta-1 (released July 8 2013), 3.0alpha2 (released June 30 2013) includes the fix. Consider disabling JavaScript (click the blue"S" beside the green onion, and select "Forbid Scripts Globally"). Disabling JavaScript will reduce your vulnerability to other attacks like this one, but disabling JavaScript will make some websites not work like you expect.
Update: According to Baneki Privacy Labs research, the IP address 65.222.202.53 hardcoded into the exploit belongs to Virginia is actually owned by Science Applications International Corporation (SAIC), a major intelligence, military, aerospace, engineering and systems contractor involved with the Federal Bureau of Investigation (FBI), Defense Advanced Research Projects Agency (DARPA) , Central Intelligence Agency (CIA) and National Security Agency (NSA).
They believe that the hardcoded IP address is directly allocated to the NSA's Autonomous Systems (AS), so its probably not the FBI, its NSA who used Firefox Zero-Day exploit to compromise Freedom Hosting and TOR network.
troll ; same question on torbrowser 5.0 & 5.5a1 released
Nightmare installing Tor on
Nightmare installing Tor on linux mint, I have DL the package and running it by just double clicking on Tor Browser Icon. Is it secure?
Yes, just download the Tor
Yes, just download the Tor Browser from the big download button on torproject.org. Then you can click on the archive you downloaded and extract it to wherever you want. Then just click on the launch icon to open it up. This is secure, I do it in Mint all the time.
Tor Browser updated itself,
Tor Browser updated itself, I did not not want this 5.0 version, until the bugs were worked out. Not sure how it updated without a prompt message; I don't like it at all. My browser add-on preferences were gone from header space. Every time I customize, it crashes. I'm moderately computer savvy, but I don't like updates that are this frustrating and counter-intuitive. Don't force an update that people will dislike; wait until it's ready to go-- and only if it's wanted.
I am using Brief addon (RSS
I am using Brief addon (RSS reader)
now, I cannot add the folder of the RSS in the Bookmark, so the addon cannot find or show me any feed!
When will the Astoria or
When will the Astoria or Hornet Browser be released?
Given that Astoria and
Given that Astoria and Hornet themselves aren't yet really usable, it is a bit premature to be talking about a browser built on them. Besides, neither of them are projects of The Tor Project so you're probably better off asking on some other website.
I'v read the article
I'v read the article https://www.torproject.org/docs/verifying-signatures.html.en. I know that users get the signing key from one server and signatures from another, it is possible for both servers get cracked, compare to sha1 hashes, just one more server for getting signatures or the keys, is it meaning just one more time secure than the checksum?
I am not sure I understand
I am not sure I understand your question. Could you perhaps rephrase it?
yes if it happens, the
yes
if it happens, the signature and the signing key does not match.
usually it cannot be because you must verify the integrity/authenticity of the tor file with the key ; both must match.
is it meaning just one more time secure than the checksum?
checksum is less secure than a signature (sig/asc).
signature does a deep verification and a checksum does a weak verification of the data integrity/authenticity.
Does anyone know anything
Does anyone know anything about the Firefox tiles in the Tor Browser Bundle? Tiles seem to be enabled if you tell Tor to stop dumping history on exit. I know what they do in Firefox, but do they still send data back to Mozilla in Tor?
GDATA Antivirus (German)
GDATA Antivirus (German) discovered a vermin in the browser: (Fingerprint: [b7eb851e])
He said it was deactivated!?
Can anyone followed this?
Hello ,I have the same
Hello ,I have the same "problem". But I did both tor and checked the subsequently installed by AddOn Multi Engine Virus Scanner. - No virus.
Perhaps because the scanner detects something which is not even there.Must be time to watch what if I new installation both.
Why do not coincide
Why do not coincide sha256sums
https://dist.torproject.org/torbrowser/5.0.1/ (torbrowser-install-5.0.1_ru.exe 2015-08-17 13:05 42M)
https://dist.torproject.org/torbrowser/5.0.1/sha256sums-unsigned-build… (e9e211a4864a089ba50fa38b48024d262e25fcdb0591a749a5f3cf4d23fd3961 torbrowser-install-5.0.1_ru.exe)
If right click on the
If right click on the selected text and click search, then I get redirected to the homepage of a search engine. If I search from address bar or search bar, it is mostly I get the search result.
which one ad remover is safe
which one ad remover is safe enough to use in tor browser?
I use it years ago untouched "official"state, without java, but i began to hate all ad on net now,
what is the difference in
what is the difference in 5.5 vs 5.0.2?
Hi guys Edward here how
Hi guys Edward here how secure is tor