Tor Browser 7.5a9 is released
Tor Browser 7.5a9 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox and fixes vulnerabilities in Tor. All users are encouraged to update as soon as possible.
This release updates Firefox to version 52.5.2esr and Tor to version version 0.3.2.6-alpha. In addition to that we updated the sandboxed-tor-browser, and the HTTPS Everywhere and NoScript extensions we ship.
The full changelog since Tor Browser 7.5a8 is:
- All Platforms
- Update Firefox to 52.5.2esr
- Update Tor to 0.3.2.6-alpha
- Update HTTPS-Everywhere to 2017.12.6
- Update NoScript to 5.1.8.1
- Update sandboxed-tor-browser to 0.0.16
Comments
Please note that the comment area below has been archived.
still sha1 & 1024 rsa ?…
still sha1 & 1024 rsa ?
the next generation (sha3 & 1024 _rsa_ des_ out please !)
1.Better crypto (replaced…
1.Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions#Howtoco…
i know ... it should be…
i know ... it should be operational in few years ... we are running an obsolete browser & firefox is not concerned : it is a corrupted choice ... which is showing its real face day by day since yet few years.
Most of sites on the net should have to be updated then the services then your computer then the router then the cable then the satellites , and in which order ?
The next generation is a good innovation but sha3/ed/curve could be a part of a browser now.
fed up !
Someone needs to read or…
Someone needs to read or reread: 'The Rise of ``Worse is Better''' by Richard Gabriel. https://en.wikipedia.org/wiki/Worse_is_better I almost regret linking the article- the effort of web searching for it illustrates the very point of the article itself, and there is plenty of commentary- Getting dramatic about a "corrupted choice... showing it's real face" isn't actually helpful. Kludges that work "good enough" are pretty much the nature of software everywhere, not just cryptography. Take a step back, breathe, count to ten.
SHA256 is fine too
SHA256 is fine too
все Ок
все Ок
I've run "hardened" versions…
I've run "hardened" versions for a while, but evidently I’ve been doing it wrong since I placed them in the Applications folder and ran 'em normally.
With this version I read the README and tried several times unsuccessfully to run it.
1. I placed the Sandboxed Tor Browser folder in my Home folder.
2. I tried simply double-clicking the two executables (which failed).
3. I noticed an error saying the tb.sb file wasn't found in the home folder.
4. I dragged the tb.sb and tor.sb files out of the Sandboxed folder and into the Home folder.
5. I copied the path to the first executable (start-tor-with-sandbox), pasted into Terminal and hit Enter.
This time the process ran and bootstrap completed 100%.
6. I followed the same steps to run start-browser-with-sandbox.
There were a lot of errors and Tor opened a sliver of a window that was incomplete - just a blank white page, no Settings button, Preferences don't work, address bar doesn't work etc.
What did I do wrong?
Keep in mind I'm not a Terminal geek - I usually just paste commands.
Probably a good idea for complete instructions to be included with these experimental versions.
Terminal output:
2017-12-10 04:26:02.618 firefox[8069:3991400] kCFURLVolumeIsAutomountedKey missing for file://localhost/Volumes/Tor%20Browser/: The file “Tor Browser” couldn’t be opened because you don’t have permission to view it.
2017-12-10 04:26:02.620 firefox[8069:3991400] kCFURLVolumeIsAutomountedKey missing for file://localhost/Volumes/Mini%20Secondary/: The file “Mini Secondary” couldn’t be opened because you don’t have permission to view it.
2017-12-10 04:26:02.620 firefox[8069:3991400] kCFURLVolumeIsAutomountedKey missing for file://localhost/Volumes/Mini%20Data/: The file “Mini Data” couldn’t be opened because you don’t have permission to view it.
1512908762900 addons.webextension. WARN Loading extension 'null': Reading manifest: Error processing devtools_page: An unexpected property was found in the WebExtension manifest.
1512908763300 addons.webextension. WARN Loading extension 'null': Reading manifest: Error processing permissions.1: Unknown permission "privacy"
1512908763300 addons.webextension. WARN Loading extension 'null': Reading manifest: Error processing permissions.4: Unknown permission "unlimitedStorage"
1512908763400 addons.xpi-utils ERROR Unable to read anything useful from the database
1512908764300 addons.webextension.{73a6fe31-595d-460b-a920-fcc0f8843232} WARN Loading extension '{73a6fe31-595d-460b-a920-fcc0f8843232}': Reading manifest: Error processing permissions.1: Unknown permission "privacy"
1512908764300 addons.webextension.{73a6fe31-595d-460b-a920-fcc0f8843232} WARN Loading extension '{73a6fe31-595d-460b-a920-fcc0f8843232}': Reading manifest: Error processing permissions.4: Unknown permission "unlimitedStorage"
1512908764400 addons.webextension.https-everywhere-eff@eff.org WARN Loading extension 'https-everywhere-eff@eff.org': Reading manifest: Error processing devtools_page: An unexpected property was found in the WebExtension manifest.
1512908764500 addons.webextension.https-everywhere-eff@eff.org WARN Please specify whether you want browser_style or not in your browser_action options.
0 migrated.
Illegal AddressMatcher: [xpconnect wrapped nsIPrefBranch] -- TypeError: s.split is not a function
[Parent 8069] WARNING: parent WaitForMessage() failed: 0x10004003 (ipc/rcv) timed out: file /var/tmp/build/firefox-599b20a38d14/ipc/glue/GeckoChildProcessHost.cpp, line 958
[Parent 8069] WARNING: Failed to launch tab subprocess: file /var/tmp/build/firefox-599b20a38d14/ipc/glue/GeckoChildProcessHost.cpp, line 576
1512908796100 addons.xpi WARN Attempting to activate an already active default theme
1512909283900 addons.update-checker WARN onUpdateCheckComplete failed to determine manifest type
1512909283900 addons.update-checker WARN onUpdateCheckComplete failed to determine manifest type
1512909286100 addons.update-checker WARN Update manifest for e10srollout@mozilla.org did not contain an updates property
1512909286700 addons.update-checker WARN Update manifest for {972ce4c6-7e08-4474-a285-3208198ce6fd} did not contain an updates property
1512909293800 addons.webextension. WARN Loading extension 'null': Reading manifest: Error processing permissions.1: Unknown permission "privacy"
1512909293800 addons.webextension. WARN Loading extension 'null': Reading manifest: Error processing permissions.4: Unknown permission "unlimitedStorage"
1512909294000 addons.webextension.{73a6fe31-595d-460b-a920-fcc0f8843232} WARN Loading extension '{73a6fe31-595d-460b-a920-fcc0f8843232}': Reading manifest: Error processing permissions.1: Unknown permission "privacy"
1512909294000 addons.webextension.{73a6fe31-595d-460b-a920-fcc0f8843232} WARN Loading extension '{73a6fe31-595d-460b-a920-fcc0f8843232}': Reading manifest: Error processing permissions.4: Unknown permission "unlimitedStorage"
Illegal AddressMatcher: [xpconnect wrapped nsIPrefBranch] -- TypeError: s.split is not a function
It seems you are hitting…
It seems you are hitting https://trac.torproject.org/projects/tor/ticket/22000. We still did not manage to investigate and fix that one properly, sorry. There is a workaround in comment:4 you might want to test (confirming whether bug 22000 is really the problem you are hitting).
Please do something about…
Please do something about the ReCaptcha challenges that always fail, it's ruining our browsing...
No, Google is ruining our…
No, Google is ruining our privacy. I don't recommend you to solve reCAPTCHAs, they exploit people and they are proprietary software, hence privacy-unfriendly. Read How does Google exploits with CAPTCHAS for more information.
Yeah but I don't have a…
Yeah but I don't have a choice, you can't create a Gitlab account without solving captchas.
Is there Going to be an…
Is there Going to be an update for orfox since when I open and close it a majority of times it crashes and doesn't respond peroid. I usually use tor on my Samsung Galaxy tab 4 not sure exactly what model number it is but does it have anything to do with moving orbot and orfox to the SD card? I'd like to see a fix on this please I've donated to you guys plus I'm really looking forward to volunteering.
thanks for the work.
thanks for the work.
Do you consider switching…
Do you consider switching from a firefox base to waterfox? Firefox got crap with 57 anyway and waterfox already removes a lot of tracking from mozilla, so it may be a more trustworthy base for the tor-browser-bundle.
- do you know what i think…
- do you know what i think about the duke of york ?
> more trustworthy base ? are you kidding ?
i consider that tor team should be independent of the skeleton if they work first building their own but they prefer working on the network ... for a next generation (nice) ... ready in 5 or 10 years !
We need a blacklist for…
We need a blacklist for sites that use captcha
captcha are used against…
captcha are used against spammer : i wonder the percentage of rejected post on this blog.
does captcha identify you ? blacklist all google & govt compliant site (or tor ! )
tor is an nsa tool for this reason & no need for a malware, worml.
captcha is used against…
captcha is used against people to exploit them for free labor. they are not all math problems like this site. most of them are exploitative identifications. captcha is anti net neutrality and discriminatory. many humans can't solve them every time. after you solve the captcha it doesn't always let you look at the site.
like said someone else 2…
like said someone else 2 days ago : "there are a lot of stupidity & misinformation on this blog".
captchas are an obligatory measure ; officially against spammer , in fact for identifying the users ; chosen by a lot of compromised sites , well known for their allegiance & special agreement with court_police_cgq etc..
even on this blog _75% are censored (discriminatory)_and the net neutrality is another movement sponsored (failed).
captcha is more a honey-pot trap than a security measure : avoid when possible.
An encrypted version of google , startpage , crtl + shift + L could solve the problem.
06:59:00.464 Cannot send…
06:59:00.464 Cannot send message: Other side disconnected: ["MessageChannel:Response", {result:4, messageName:"19287-0", recipient:{}, error:{message:"Message manager disconnected", result:(void 0)}}] 1 ExtensionUtils.jsm:1091
sendAsyncMessage resource://gre/modules/ExtensionUtils.jsm:1091:5
_handleMessage/deferred.promise< resource://gre/modules/MessageChannel.jsm:671:9
11:10:07.981 TypeError: p is…
11:10:07.981 TypeError: p is null 1 Main.js:1199:5
chrome://noscript/content/Main.js
I came to confirm its still…
I came to confirm its still doing it, orfox crashes on my Samsung galaxy tablet. Not sure exactly what the deal is exactly but I've come to a conclusion to just keep downloading it after it continuously crashes after I open it a majority of times. If anyone has some tips for this that'd be great I've been having this issue for about a week or so.
use this to contact the…
use this to contact the Guardian Project with your problem. Be as detailed as possible, tablet make, OS, tablet configuration & spec, Orfox/Orbot version numbers.
Also the guardian project have a apk repository of all their apps so you will be able to find a different Orfox version. Does a diff - older Orfox crash the same? I thought newer versions of orfox are now named the Tor Browser?
https://guardianproject.info/contact/
08:14:14.389 TypeError: ns…
08:14:14.389 TypeError: ns is undefined 1 MimeServiceParent.js:13:9
chrome://noscript/content/MimeServiceParent.js
14:36:08.915 NS_NOINTERFACE:…
14:36:08.915 NS_NOINTERFACE: Component returned failure code: 0x80004002 (NS_NOINTERFACE) [nsIInterfaceRequestor.getInterface] 1 DOM.js:63
chrome://noscript/content/DOM.js
06:19:21.857 The resource…
06:19:21.857 The resource from “https://trac.torproject.org/projects/tor/chrome/common/js/threaded_comm…” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff). 1 (unknown)
06:19:21.914 The resource from “https://trac.torproject.org/projects/tor/chrome/autocomplete/js/autocom…” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff). 1 (unknown)
GEThttps://blog.torproject…
GET
https://blog.torproject.org/themes/tor_bootstrap/favicons/favicon-96x96… [HTTP/1.1 404 Not Found 0ms]
NS_BINDING_ABORTED: Component returned failure code: 0x804b0002 (NS_BINDING_ABORTED) [nsIStreamListener.onDataAvailable] WebRequest.jsm:355
>> This release features…
>> This release features important security updates to Firefox and fixes vulnerabilities in Tor.
thank you but ...
>> Anonymity not Security
Tor does not promise secure communications. Encryption is only used to provide anonymity between nodes, your data is not encrypted otherwise. This is why it is still highly encouraged to use HTTPS enabled websites while using Tor. Sending personally identifiable information through Tor without using other security measures will break any anonymity that Tor provides.
TOR encrypts your connection, not your data. So, if you’re sending some ‘plaintext’ information, then at the exit node, where the last layer of encryption is decrypted, the vulnerability exists that someone might access your unprotected data. So, it is advised that you use HTTPS connections to safeguard your data while it is on its way to the destination server.
With Tor, the only person who knows who you are and your ultimate destination is you.
Tor provides anonymous web browsing, but does not provide security.
https://security.stackexchange.com/questions/72679/differences-between-…
It still features important …
It still features important *security* updates meaning it closes memory corruption bugs and similar issues that could get exploited leading to a deanonymization of users.
16:50:17.450 browser…
16:50:17.450 browser.ownerGlobal is null 1 ext-utils.js:800
getBrowserId chrome://browser/content/ext-utils.js:800:9
chrome://browser/content/ext-tabs.js:79:26
runSafeSyncWithoutClone resource://gre/modules/ExtensionUtils.jsm:71:14
emit/promises< resource://gre/modules/ExtensionUtils.jsm:384:55
from self-hosted:595:17
emit resource://gre/modules/ExtensionUtils.jsm:383:20
WebRequestEventManager/register/listener chrome://extensions/content/ext-webRequest.js:51:7
runChannelListener resource://gre/modules/WebRequest.jsm:721:24
onStopRequest resource://gre/modules/WebRequest.jsm:841:5
onStopRequest resource://gre/modules/WebRequest.jsm:351:5
10:32:04.000 TypeError:…
10:32:04.000 TypeError: tabData is null 1 ContentRestore.jsm:215:1
do you have to be a computer…
do you have to be a computer wiz to use this
i installed tor browser a…
i installed tor browser a while ago just the end of 2017, but after i used it once, it hasnt worked since. ive uninstalled my anti malware device to kkep it from crashing, but it still does every time i use it. it has the gah you tab has crashed, and i dont understand why it wont work.
Sorry to hear that. On which…
Sorry to hear that. On which system did you try to run Tor Browser. What version are you using? (I assume you see the welcome screen, there the version number is on the upper right corner visible)