Tor Browser 6.5a5 is released
Tor Browser 6.5a5 is now available from the Tor Browser Project page and also from our distribution directory.
This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2) and a fix of our updater code so it can handle unix domain sockets.
The Firefox security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.
Tor Browser users who had set their security slider to "High" are believed to have been safe from this vulnerability.
A note to Linux users: We still require the same update procedure as experienced during the update to 6.5a4: a dialog will be shown asking to either set `app.update.staging.enabled` or `extensions.torlauncher.control_port_use_ipc` and `extensions.torlauncher.socks_port_use_ipc` to `false` (and restart the browser in the latter case) before attempting to update. The fix for this problem is shipped with this release and we will be back to a normal update experience with the update to 6.5a6. We are sorry for this inconvenience.
Here is the full changelog since 6.5a4:
- All Platforms
- Update Firefox to 45.5.1esr
- Update NoScript to 2.9.5.2
- Linux
- Bug 20691: Updater breaks if unix domain sockets are used
Comments
Please note that the comment area below has been archived.
i'm problem with
i'm problem with update.
there were problems checking for, downloading, or installing this update. Navigateur Tor could not updated because:
The integrity of the update could not be verified
where in my problem please.
thank you
Is that still an issue for
Is that still an issue for you? Which operating system are you using and which Tor Browser locale?
i no problem with update,
i no problem with update, everything work.
hi, I'm running TB 6.0.7
hi,
I'm running TB 6.0.7 (based on Mozilla Firefox 45.5.1) and it says there are no updates available when I check...
WHY??
(win xp sp3 on a amd athlon xp processor)
Sounds like you're on the
Sounds like you're on the "stable" branch of Tor Browser.
There is an "alpha" branch too, which is what this post is about.
If you're on the stable branch (which is totally fine -- most people are), it will track updates to stable. Whereas the alpha branch tracks updates to alpha.
This is a five year old bug,
This is a five year old bug, https://bugzilla.mozilla.org/show_bug.cgi?id=1321066#c17
Anyone audited this thing?
Thanks for another great
Thanks for another great release!
On a highly loaded system
On a highly loaded system during New Identity:
Torbutton cannot safely give you a new identity. It does not have access to the Tor Control Port.
Are you running Tor Browser Bundle?
Is that reproducible? If so
Is that reproducible? If so do you see any message/error in the error console that could be related? (You open it in Tor Browser with Ctrl + Shift + J)
Seems to be during overload
Seems to be during overload of network stack. During CPU overload:
NS_ERROR_NOT_AVAILABLE: Cannot call openModalWindow on a hidden window nsPrompter.js:347:0
Error: Script terminated by timeout at:
torbutton_do_new_identity/<@chrome://torbutton/content/torbutton.js:1360:24
torbutton.js:1360:24
Hm. You mean this is related
Hm. You mean this is related to the alert dialog popping up? Like, every time you get one error you get the other one as well?
No. Only "unresponsive
No. Only "unresponsive script" dialog appears during high CPU load, and those errors in Console. So that alert dialog is another issue.
OP here. I dunno if that's
OP here.
I dunno if that's reproducible. When I pressed OK on that dialog and opened error console, I found this:
[12-08 15:28:13] Torbutton NOTE: Exception on control port [Exception... "Component returned failure code: 0x804b000e (NS_ERROR_NET_TIMEOUT) [nsIBinaryInputStream.readBytes]" nsresult: "0x804b000e (NS_ERROR_NET_TIMEOUT)" location: "JS frame :: chrome://torbutton/content/torbutton.js :: torbutton_socket_readline :: line 1534" data: no]
[12-08 15:28:13] Torbutton WARN: Torbutton was unable to request a new circuit from Tor
Which operating system are
Which operating system are you using? FWIW: I've created https://trac.torproject.org/projects/tor/ticket/20902 for further investigation. Thanks for using an alpha release and reporting issues back.
It was only once on Win XP
It was only once on Win XP SP3, so it was reported as a notice, not an issue.
https://aus1.torproject.org/d
https://aus1.torproject.org/dist/torbrowser/update_2/alpha/WINNT_x86-gc…
09:08:51.824 Public-Key-Pins: An unknown error occurred processing the header specified by the site. en-US
Interesting. Where did you
Interesting. Where did you get that log from? Is that reproducible?
Appears here and there in
Appears here and there in the current alphas.
I just tested it on Windows
I just tested it on Windows and I don't get this error. More importantly after closing Tor Browser the HPKP entry for aus1.torproject.org gets written to SiteSecurityServiceState in the browser profile. Thus, this seems to be working.
Do you get that entry in the SiteSecurityServiceState as well? You should be able to find that file in your profile directory in Tor Browser\Browser\TorBrowser\Data\Browser\profile.default.
Yes, it's working and isn't
Yes, it's working and isn't site-specific. It happens sometimes for an unknown reason. And it seems better to test it with filled entries in that file - to check inconsistencies between received and written states.
If you reload the main page
If you reload the main page (tpo) with Network tab (in Web Developer), you'll get:
Torbutton INFO: tor SOCKS isolation catchall: https://www.torproject.org/images/onion-heart.png via --unknown--:de6a28fb71abeba4febbbdde61de345e
Thanks for this report! I've
Thanks for this report! I've opened https://trac.torproject.org/projects/tor/ticket/20915 to investigate what is going wrong.
Thanks for the TOR I like
Thanks for the TOR I like Tor and Appreciate your hard work. i must add that.