New Release: Tor Browser 8.5a2

by boklm | September 25, 2018

Tor Browser 8.5a2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Note that like in the 8.0.1 release, we just picked up the necessary patches this time but did not bump the Firefox version to 60.2.1esr as we needed to start building before Mozilla was ready. Thus, users are fine with Tor Browser 8.5a2 even if the Firefox version says 60.2.0esr.

This alpha version contains the same bug fixes and improvements introduced in version 8.0.1. In addition we are updating Tor to 0.3.5.2-alpha, and are fixing some 8.0 issues:

Update: there is some issue with the Windows version of Tor Browser 8.5a2. We have disabled the update to 8.5a2 for Windows users until that issue is fixed.

The full changelog since Tor Browser 8.5a1 is:

  • All platforms
    • Update Tor to 0.3.5.2-alpha
    • Update Torbutton to 2.1
      • Bug 27097: Tor News signup banner
      • Bug 27663: Add New Identity menuitem again
      • Bug 27175: Add pref to allow users to persist custom noscript settings
      • Bug 27760: Use new NoScript API for IPC and fix about:blank issue
      • Bug 26624: Only block OBJECT on highest slider level
      • Bug 26555: Don't show IP address for meek or snowflake
      • Bug 27478: Torbutton icons for dark theme
      • Bug 27506+14520: Move status version to upper left corner for RTL locales
      • Bug 27558: Update the link to "Your Guard note may not change" text
      • Bug 21263: Remove outdated information from the README
      • Translations update
    • Update Tor Launcher to 0.2.16.5
      • Bug 27469: Adapt Moat URLs
      • Translations update
      • Clean-up
    • Update NoScript to 10.1.9.6
    • Bug 27763: Restrict Torbutton signing exemption to mobile
    • Bug 26146: Spoof HTTP User-Agent header for desktop platforms
    • Bug 27543: QR code is broken on web.whatsapp.com
    • Bug 27264: Bookmark items are not visible on the boomark toolbar
    • Bug 27535: Enable TLS 1.3 draft version
    • Bug 27623: Use MOZILLA_OFFICIAL for our builds
    • Backport of Mozilla bug 1490585, 1475775, and 1489744
  • Windows:
    • Bug 26381: about:tor page does not load on first start on Windows
  • Linux:
    • Bug 27546: Fix vertical scrollbar behavior in Tor Browser 8 with Gtk3
    • Bug 27552: Use bundled dir on CentOS/RHEL 6
    • Bug 26556: Fix broken Tor Browser icon path on Linux

Comments

Please note that the comment area below has been archived.

anon (not verified) said:

September 25, 2018

Permalink

After installing Tor Browser 8.5a2 x64 clean or after updating Tor Browser 8.5a1 x64 in Windows 10 x64, Tor Browser has stopped working and do not start.

Anonymous (not verified) said:

September 25, 2018

Permalink

Hi. After clean installing Tor Browser 8.5a2 x64 it does not start in Windows 10 x64. Same for updating Tor Browser 8.5a1 x64 it does not start in Windows 10 x64.

Anonymous (not verified) said:

September 25, 2018

Permalink

Yes, it says tor browser has stopped working, a problem caused the program to stop working correctly, please close the program.

111 (not verified) said:

September 26, 2018

Permalink

Сигнатура проблемы:
Имя события проблемы: APPCRASH
Имя приложения: firefox.exe
Версия приложения: 60.2.0.6609
Отметка времени приложения: 00000000
Имя модуля с ошибкой: xul.dll
Версия модуля с ошибкой: 60.2.0.6609
Отметка времени модуля с ошибкой: 00000000
Код исключения: c0000005
Смещение исключения: 000000000174cc85
Версия ОС: 6.3.9600.2.0.0.256.48
Код языка: 1049
Дополнительные сведения 1: 67a5
Дополнительные сведения 2: 67a5925b808e2deb9056b140f1584392
Дополнительные сведения 3: 2dc5
Дополнительные сведения 4: 2dc5a94cc6ee4c551d9cafc70f50c162

Some dude (not verified) said:

September 25, 2018

Permalink

Another thing I notice is the cloudflare captcha page appearing more and more often. To the point where tor is becoming unusable

It seems cloudflare had a trick to detect Tor Browser connections and use alt-svc onions. I guess the update broke their trick, and we're back to the captcha shit.

So, we have to wait them to fix.

So just doing some additional research on this - given cloudflare's latest press release - is that almost every site I went to (including cloudflare's or Akami's blog on the issue) were all blocked. Cloudflare by the usual captcha and akami just blocking outright.

Amazing

dum-dum (not verified) said:

September 25, 2018

Permalink

8.5a2 alpha crashed through both the in-browser update and after installing .exe from Tor's repo on W1nbox.

I forgot exactly what the error message was, but it might have been something like BEX? If I have more time [& patience] later I'll re-install it so I could provide more details.

Also, for the past several releases whenever I quit [menu ---> exit], I receive an error; I think I get a not-responding message when attempting to shutdown the browser above a certain working memory allotment, as I don't have much RAM available; I remember seeing xul.dll along with another one in the past.

Puzzled (not verified) said:

September 25, 2018

Permalink

Help! I've seen the Onion Circuits in the new "(i) hamburger" menu (left of URL) in TB on Windows, but still can't see it on Debian. There are only the "websiteXX Secure Connection" and "Permission" entries shown. It's been the same in the last 2 or 3 TB versions, and not just 8.5a2.
Anyone?

Anonymous (not verified) said:

September 26, 2018

Permalink

NoScript:
Error: Permission denied to access property "log"[Learn More] log.js:1:1
Error: Permission denied to access property "ns"[Learn More] dynamicNS.js:6:5

Anonymous (not verified) said:

September 26, 2018

Permalink

What about this issue?
http://browserspy.dk/useragent.php

UserAgent from header
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

User Agent from JavaScript
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

tbb 8.5a2 (based on Mozilla Firefox 60.2.0esr) (64-bit) on Linux

Tor Devs explain me and you it's better TBB is producing spoofed
UserAgent with HTML and UNSPOOFED with Javascript .

Eh ...i don't understand why and they don't explain why this ....should be a really good idea. ?.

anon (not verified) said:

September 26, 2018

Permalink

Hey! Add Tor Check on homepage of TB! I am very afraid of new Quantum TB. I think new firefox engine is a huge step back!

Anonymous (not verified) said:

September 26, 2018

Permalink

Tor browser 8.0.1 in Linux cannot be cleanly closed, takes a while until closed, seems to crash. Noscript settings never not saved. Also while tor browser still running normally, export settings button of noscript does nothing. Problem appeared since new noscript GUI.

What gives you the impression that it crashed? Regarding the NoScript bugs: we have two tickets for that

https://trac.torproject.org/projects/tor/ticket/27825
https://trac.torproject.org/projects/tor/ticket/27175

We currently test a fix for the issue that NoScript is not saving settings in our alpha releases. Let us know whether that works for you (note that you need to flip the extensions.torbutton.noscript_persist preference to activate that feature now).

Micio (not verified) said:

September 26, 2018

Permalink

When a best version for Android. WE ARE A LOT TROUGH MOBILE. SO FAR I STILL LIKES BEST ORFOX.IN FIRST DO BECAUSE CHECKING THE BROWSER DON'T IS DETECTED THE OS.

Anonymous (not verified) said:

September 26, 2018

Permalink

I have noticed that in browser 8.0.1 for Linux Debian 64 bit, that after the browser loads, it is stuck not being able to do anything for 20-30 seconds before it starts to work.

Also when commenting here on another post the other day, after posting the page load loops endlessly...

ekkla (not verified) said:

September 26, 2018

Permalink

You've basically ended the usability of Tor by the inclusion of the absolutely terrible new NoScript. It doesn't seem to save settings, its function has to be "inferred", simple and integral functions are lacking, and it does random stuff on its own (I said it doesn't save settings, but some site was randomly marked as "Custom" and allowed for no reason). The old UI was straightforward and worked just about flawlessly, the new UI is the most incompetent app design I am forced to "allow" to put up with anywhere. NoScript is the worst of its kind in this iteration. And you including this thing seems like a deliberate attempt at self-undermining. I don't know what's going on in the heads of the developers, they are useless now, trying to be "hip" and "different", but at least other developers with a high security concern should be able to see how bad it is.

Lird (not verified) said:

September 27, 2018

Permalink

I'm having a problem where tor does not respect my gtk3 settings. I like to sort folders first, but default gtk3 behavior is to sort everything alphabetically (mixing folders and files together). I used dconf-editor to change the option, which worked before Tor 8.0. However, whenever I run tor 8.0.1, it changes gtk3 settings back to the default. Tor refuses to respect my gtk3 preference of sorting folders first when saving a file with the file chooser dialog.

It's also possible to right click on the save dialog window and choose "sort folders first", but Tor still refuses to respect the setting and changes it back the next time I try to save anything.

ekkerd (not verified) said:

September 27, 2018

Permalink

It seems clear to me that you have deliberately broken Tor. First of all, your own, this very, blog doesn't even work but has erratic loading issues whenever one tries to use the comment function. But this minor, but very clear symptom aside, the "new" NoScript's UI is so blatantly bad that I seriously think this speaks of psychological disorders on the side of the developers (megalomania and other delusions being part of them, with a loss of basic logic and competence), and I think any other company choosing it, let alone one specializising in high security and encryption, must be a deliberate choice to undermine the program and its purported purpose.
NoScript by now is easily one of the worst scriptblockers - I would never choose this above any other addon anymore. The reasons are too numerous, like it doesn't save settings, lacks basic functions, , its functions must be "derived", possibly by trial and error, because they are so badly presented, and it even makes random choices, like arbitrarily choosing "Custom" for some sites and temporarily allowing them, which directly compromise security.

The point remains that it's so terrible, and such a worsening compared to the straightforward, nearly impeccable previous UI, that this shows a deliberate attempt to undermine Tor internally - or at least that the loss of sanity and competence is not restricted to the developers of dreadful plugin (one of the worst of its kind now).

ricky bobby (not verified) said:

September 27, 2018

Permalink

mojave mac os update rendered tor (newest stable) useless...

any fix or is this an iOS problem.
tor worked fine on high sierra 10.13.6 if I'm correct.

any ideas? thanks.

Probably because you don't write to the site owners asking them to whitelist T1 (Tor). Third of the companies I emailed to regarding the blocking issues have changed their filters within days.

JS (not verified) said:

September 28, 2018

Permalink

Can't run on win7 x64 vm after installing, So I have to reinstall a1 to report this issue.
And I didn't find the event log. It just stop running.
Hope you guys can fix it soon.
Thanks
LOL

how ot bypass … (not verified) said:

September 29, 2018

Permalink

However, a couple of years ago, the FBI managed to hack the TOR network and disrupt the operations of the network. Also, in the recent past, some regimes have managed to block TOR in their countries. However, you can still access the internet with a level of privacy similar to what TOR has been providing.

Anonymous (not verified) said:

September 30, 2018

Permalink

Hey! There is a difference between one captcha and fucking nonstop stream of captchas, ending with 'Please try again.' stupid message at the bottom!
Fucking cloudflare! FUCK YOU!!!

bacpac@radioph… (not verified) said:

September 30, 2018

Permalink

Do I need to eliminate my other browser or can Tor run on the same computer- before I down load it.I am not as tech savvy as many users but I need to research a subject as a journalist and radio host and need to get better results than the censored google images,

Anonymous (not verified) said:

September 30, 2018

Permalink

part of the message I have gotten when I try using the updated tor says app crash firefox will not open says tor has stoProblem signature:
Problem Event Name: APPCRASH
Application Name: firefox.exe
Application Version: 60.2.0.6609
Application Timestamp: 00000000
Fault Module Name: xul.dll
Fault Module Version: 60.2.0.6609
Fault Module Timestamp: 00000000pped working

Ragteros (not verified) said:

October 01, 2018

Permalink

Is there a working version of TOR Browser for windows 10 yet, because i just saw alot of comments that said it had a error as in the Browser had a error. so is there already a working version for windows 10 or is it still being worked on?

Ragteros (not verified) said:

October 01, 2018

Permalink

thanks for the quick respons will download TOR now need this for a long time. u guys are doing great work :D

Space Cowboy (not verified) said:

October 02, 2018

Permalink

I was bummed it removed all my BOOKMARKS and unable to get any of them back and YES not working on WIN10 and my Virus SW says it has Ransomware files!

Anonymous (not verified) said:

October 04, 2018

Permalink

Where I can find info about other auth types for v3 onions? 'descriptor' is described well in specs, but spec is vague about other auth types. In tor tickets also 'intro' and 'standard' auth types are mentioned, but I cannot find any info about it.