New Release: Tor Browser 8.5a4
Tor Browser 8.5a4 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
Highlights in Tor Browser 8.5a4 are a new Tor alpha version, 0.3.5.3-alpha, a fixed layout of our macOS installer window and Stylo (Mozilla's new CSS engine) being enabled on macOS after fixing a reproducibility issues. Please report any problems you find with those macOS related changes as we think about backporting them for the stable series.
Moreover, we backport a defense against protocol handler enumeration developed by Mozilla engineers and provide Tor Browser on all supported platforms in four additional locales: cs, el, hu, and ka.
Note: It turned out it was a bit premature to ship the new locales as we did not catch bugs in them last minute, so we don't make them available on our download page. Sorry for the inconvenience.
The full changelog since Tor Browser 8.5a3 is:
- All Platforms
- Update Firefox to 60.3.0esr
- Update Tor to 0.3.5.3-alpha
- Update Torbutton to 2.1.1
- Bug 23925+27959: Donation banner for our year end 2018 campaign
- Bug 24172: Donation banner clobbers Tor Browser version string
- Bug 28082: Add locales cs, el, hu, ka
- Translations update
- Update Tor Launcher to 0.2.17
- Update HTTPS Everywhere to 2018.9.19
- Update NoScript to 10.1.9.9
- Bug 1623: Block protocol handler enumeration (backport of fix for #680300)
- Bug 27905: Fix many occurrences of "Firefox" in about:preferences
- Bug 28082: Add locales cs, el, hu, ka
- Windows
- OS X
- Linux
- Android
- Backport of fixes for bug 1448014, 1458905, 1441345, and 1448305
- Build System
Comments
Please note that the comment area below has been archived.
Tor Browser 8.5a2 is now…
:)
:)
Yeah, reproducibility is…
Yeah, reproducibility is hard. Thanks for noticing and it should be fixed.
00:48:25.836 this.browser is…
00:48:25.836 this.browser is null 1 ext-tabs-base.js:298
get frameLoader chrome://extensions/content/ext-tabs-base.js:298:5
get frameLoader chrome://browser/content/ext-browser.js:605:5
get width chrome://browser/content/ext-browser.js:678:5
convert chrome://extensions/content/ext-tabs-base.js:579:7
get chrome://browser/content/ext-tabs.js:572:18
next self-hosted:1214:9
get self-hosted:977:17
call/result< resource://gre/modules/ExtensionParent.jsm:772:57
withPendingBrowser resource://gre/modules/ExtensionParent.jsm:427:26
next self-hosted:1214:9
call resource://gre/modules/ExtensionParent.jsm:771:20
next self-hosted:1214:9
torbutton_send_ctrl_cmd chrome://torbutton/content/torbutton.js:770:10
torbutton_do_new_identity chrome://torbutton/content/torbutton.js:1143:10
torbutton_new_identity chrome://torbutton/content/torbutton.js:867:9
oncommand chrome://browser/content/browser.xul:1:1
Cached items are checked…
Cached items are checked through the catch-all circuit?
[10-24 01:29:49] Torbutton INFO: tor SOCKS: https://www.youtube.com/yts/jsbin/network-vflNZTggj/network.js via
--unknown--:28dfeaa78663ddfa8e20857e44b120bb
Well, cached items should…
Well, requests for cached items should not hit the network. Thus, that might be a misleading log line in that the request is later on cancelled internally (i.e. the resource gets loaded from the cache but the request is not going out over the network).
Don't they check the server…
Don't they check the server if content modified? Why does Torbutton refresh the catch-all circuit to fulfill those requests?
I am not sure yet but I am…
I am not sure yet but I am happy to investigate. Do you have steps to reproduce the behavior you see?
F5 on Trac ;)
F5 on Trac ;)
It seems "smart" trackers…
It seems "smart" trackers are able to make use of it by reloading themselves :(
13:56:09.572 TypeError: doc…
13:56:09.572 TypeError: doc is null 1 ContextMenu.jsm:520:1
My TOR auto-updated. My Anti…
My TOR auto-updated. My Anti-virus red flagged PINGSENDER.EXE as malicious. Just letting you know.
Thanks for the free software GK. We appreciate your efforts too.
I'm not sure if this is the…
I'm not sure if this is the right place to ask, but is it safe to use a download manager together with TOR? Which one is recommended (IDM?)
just using tor to download…
just using tor to download tor. lol
it is NOT safe to use a…
it is NOT safe to use a download manager (plugin-addon) together with Tor.
none plugin-addon is recommended together with Tor.
Hello, I've said this on…
Hello, I've said this on every update post since the 'Quantum' upgrade:
- Tor doesn't remember the size that it was left on before closing, so when it opens again it ends up being in a very specific and unique size for those of us that have tabs open.
- Tor is not allowing me to login to disqus, no matter what I add to the whitelist.
- Can you bring back the Sync function?
I've tried to fix those issues on Windows 7, Ubuntu 16.04, Ubuntu 18 and Windows Vista with no success.
What size is that for you?…
What size is that for you? Can you check with some test on the internet? Regarding Disqus: yes, that's a known but someone needs to investigate: https://trac.torproject.org/projects/tor/ticket/27249 (please help if you can). Finally, Sync is just disabled via
identity.fxaccounts.enabled
set tofalse
, I believe. Does flipping that pref help you?(#2) Error Killing GPU…
(#2) Error Killing GPU process due to IPC reply timeout
(#3) Error Failed to connect GPU process
(#4) Error Receive IPC close with reason=AbnormalShutdown
Guys, Google Safe Browsing…
Guys, Google Safe Browsing and Google itself should not be within a privacy software like Tor.
Please get rid of Google from future releases.
Thanks.
07:38:52.125 Can not…
07:38:52.125 Can not decrement crashed tab count to below 0 ContentCrashHandlers.jsm:528
onAboutTabCrashedUnload resource:///modules/ContentCrashHandlers.jsm:528:7
receiveMessage resource:///modules/ContentCrashHandlers.jsm:188:9
receiveMessage self-hosted:977:17
callListeners resource://gre/modules/RemotePageManager.jsm:33:9
portMessageReceived resource://gre/modules/RemotePageManager.jsm:123:5
portMessageReceived self-hosted:977:17
callListeners resource://gre/modules/RemotePageManager.jsm:33:9
ChromeMessagePort.prototype.observe resource://gre/modules/RemotePageManager.jsm:361:3
Torbutton: Unexpected error…
Torbutton: Unexpected error on new identity: TypeError: m_tb_prefs is undefined
[10-27 00:09:27] Torbutton…
[10-27 00:09:27] Torbutton INFO: This is not a Tor Browser: TypeError: m_tb_prefs is undefined
TypeError: m_tb_prefs is undefined[Learn More] torbutton.js:237:7
torbutton_donation_banner_countdown chrome://torbutton/content/torbutton.js:237:7
torbutton_init chrome://torbutton/content/torbutton.js:354:5
if you copy TBB to a different folder on Windows :(
Just downloaded tor. then…
Just downloaded tor. then onion would not let me download the opposite way thought you had to download onion first, also i have ip vanish turned on does that help?
How about backporting all…
How about backporting all the devirtualization patches?
https://bugzilla.mozilla.org/show_bug.cgi?id=1332680
0:07:30.957 NS_ERROR_NOT…
0:07:30.957 NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDOMWindowUtils.isParentWindowMainWidgetVisible] 1 nsPrompter.js:339
So what are you going to do…
So what are you going to do with https://tls13.crypto.mozilla.org/ while mozilla doesn't care?
1 1-unable to request…
1
1-unable to request bridges within TOR get error 500
2-the webpage to request bridges is not functioning
One web browser test site…
One web browser test site says I'm, on Windows 7
https://html5test.com/
another says Linux
https://content-security-policy.com/browser-test/
Is that ok?
Here is one more web site…
Here is one more web site https://browserleaks.com/ip
Passive, SYN Linux 2.2.x-3.x | Language: Unknown | Link: Ethernet or modem | MTU: 1500 | Distance: 5 Hops
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
I am using Ubuntu 18.04 for testing
I use separate TBB with…
I use separate TBB with disabled scripts (javascript.enabled=false). Is it safe to completely disable (or remove) NS plugin in this case? I want to do it because NS slows down my tor browser.
MUSTHAVE for Tor Browser…
MUSTHAVE for Tor Browser!
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26…
Why is that a MUSTHAVE?
Why is that a MUSTHAVE?
"we are adding a…
"we are adding a notification to our Firefox Quantum browser that alerts desktop users when they visit a site that has had a recently reported data breach. We’re bringing this functionality to Firefox users in recognition of the growing interest in these types of privacy- and security-centric features."
2 months and Tor 8.0-8.5…
2 months and Tor 8.0-8.5 wont start without displaying anything. The voluntarily turned on log shows:
"Error: the firefox package (version 60 or more) is not installed.
On CentOS/RHEL 6, Tor Browser requires the firefox package to be installed."
Always downgrading to v7 by overwriting directory contents, and that works.
Have you tried following the…
Have you tried following the advice that the log shows you instead? Downgrading to Tor Browser 7 should be avoided as it contains a number of unpatched security bugs.
Since v8 i'm paralyzed by…
Since v8 i'm paralyzed by this on CentOS:
libgtk-3.so.0: cannot open shared object file: No such file or directory
Couldn't load XPCOM.
No sudo.
That's on CentOS 6, right?…
That's on CentOS 6, right? You need to have installed the CentOS firefox package as well to make Tor Browser 8 work on this system.
NoScript is still not saving…
NoScript is still not saving per site permissions. This is seriously annoying, preventing me from customizing which sites I trust or not, while turning script fully on by default, every time Tor Browser is restarted! As it's been several iterations now since this bug has been active, I'm going right back to an older version of Tor Browser until it's fixed.
You should give https://trac…
You should give https://trac.torproject.org/projects/tor/ticket/27175 a closer read where this got fixed (you need to flip a preference to be able to save exceptions as having those exceptions is a serious fingerprinting risk).