Tor Browser 5.5a6 is released
A new alpha Tor Browser release is available for download in the 5.5a6 distribution directory and on the alpha download page.
This release features an important fix for a crash bug in one of our patches. All users are encouraged to update immediately as this bug is probably exploitable if JavaScript is enabled. The bug was not exploitable at High security level, or on non-HTTPS websites at Medium-High security level.
In the past, signing Windows .exe files on a Linux machine caused verification errors on some Windows 10 systems. This should be fixed by adding the intermediate certificate in the signing process now.
Here is the complete changelog since 5.5a5:
- All Platforms
- Update NoScript to 2.9
- Update HTTPS Everywhere to 5.1.2
- Bug 17931: Tor Browser crashes in LogMessageToConsole()
- Bug 17875: Discourage editing of torrc-defaults
- Bug 17870: Add intermediate certificate for authenticode signing
Comments
Please note that the comment area below has been archived.
Thank you so much!
Thank you so much!
During an attempt to update
During an attempt to update to 5.5a6, my Firewall-suite isolated the updater and flagged it as an unrecognized executable. After restarting the browser, about:tor was not present, but a changelog appeared as the start screen, however there were no change log entries shown; just a blank page. Did my TB not fully update to 5.5a6? I'm confused because about:tor indicates that I'm using 5.5a6 & when I check for updates under the green onion icon, the Software Update window indicates that there are no updates available.
I guess you are affected by
I guess you are affected by https://bugs.torproject.org/17917.
Hmm; Well I'm concerned that
Hmm; Well I'm concerned that my firewall/defense-suite didn't allow the updater to actually update, rather than a disabled JS preventing the changelog from appearing like ticket #17917.Is there a way for me to revert back to the previous alpha release, and then back to 5.5a6? Or find out whether #17931 was patched? Thanks gk, I just want to be sure that I'm not opening myself up to a potential JS exploit. I have to constantly enable it because of CL0uDFL@RE requiring it everywhere.
If the about:tor page on the
If the about:tor page on the upper right corner shows "5.5a6" then you have the correct version. Reverting back is not really possible.
Hi all, as per my
Hi all, as per my understanding, the TOR protocol protects network traffic through the TOR network. However, what happens if the hacker is spying through the user's computer such as through a malicious program? I know that there are certain techniques such as sandboxing which may help isolate the tbb from other say malicious app? (ref #7008). is that already implemented in the latest release?
New attack on Tor can
New attack on Tor can deanonymize hidden services with surprising accuracy
http://arstechnica.com/security/2015/07/new-attack-on-tor-can-deanonymi…
https://blog.torproject.org/b
https://blog.torproject.org/blog/technical-summary-usenix-fingerprintin…
FBI Started De-anonymizing
FBI Started De-anonymizing The "Tor" Users Using Network Investigative Technique (NIT)
http://www.haktuts.in/2016/01/de-anonymizing-tor-users-using-NIT.html
?
gk, text 32/64-bit under MS
gk, text 32/64-bit under MS Win on the download page means combined TB bundle instead of version of OS. Please, correct.
Not sure what you mean but
Not sure what you mean but we ship only a 32 bit Windows Tor Browser which happens to run on 32 and 64 bit Windows systems though.
Exactly. But "32/64" means
Exactly. But "32/64" means TBB with 32 AND 64 FF in one. See https://www.mozilla.org/en-US/firefox/all/, where 64 means version of the product, not OS.
I use this version ( 5.5.6a
I use this version ( 5.5.6a ) and the normal version ( 5.0.7 ).
After two weeks I noticed that the first ip address, after "this browser" in the onion menu ( tor circuit for this site ) changed and now is the same for both version of Tor browsers. So the normal version and the alpha one have the same ip address.
Is that ip address Tor Entry Guards? ( I suppose yes )
Why I have that same ip on different versions of Tor Browser?
Could you please take a look at this ip address if it could be suspicious?
Could a suspicious Entry Guard try to get connected through a suspicious Exit Node?
I think I'm targeted but I not sure, I'm a "normal" user.
Could you tell me the best/official way to reset/change Tor Entry Guard?
Could you tell me the best/official way to run multiple istances of Tor Browser?
The suspicious ip address is: 124.6.36.230
Cheers by,
A Person Like You
Yes, what you describe
Yes, what you describe sounds exactly like the entry guard design.
For why two installs of Tor Browser ended up with the same entry guard, my bet is on 'coincidence'.
That particular relay is huge:
https://atlas.torproject.org/#search/124.6.36.230
so it probably has a bunch of users, including both of you.
Thank you for your reply. A
Thank you for your reply.
A Person Like You