New Release: Tor Browser 9.5a3
Tor Browser 9.5a3 is now available from the Tor Browser Alpha download page and also from our distribution directory.
Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.
This release features important security updates to Firefox.
This new alpha release picks up security fixes for Firefox 68.3.0esr and updates our external extensions (NoScript and HTTPS Everywhere) to their latest versions. Among other things, we made some cleanups in torbutton and fixed localization in the Android bundles. We also add three new locales: lt (Lithuanian), ms (Maylay), and th (Thai). Please help us test those new locales if you speak those languages.
Reproducible Builds
The issue with reproducible builds mentioned in the 9.0.1 blog post is still present in this release. However, we made progress on understanding the issue and are getting closer to a fix.
ChangeLog
The full changelog since Tor Browser 9.5a2 is:
- All Platforms
- Update Firefox to 68.3.0esr
- Bump NoScript to 11.0.9
- Update HTTPS Everywhere to 2019.11.7
- Bug 32618: Backport fixes from Mozilla bugs 1467970 and 1590526
- Bug 32606: Set up default bridge at Georgetown University
- Bug 30787: Add lt locale
- Bug 30788: Add ms locale
- Bug 30786: Add th locale
- Translations update
- Bug 28746: Remove torbutton isolation and fp prefs sync
- Bug 28745: Assume always running in Tor Browser
- Bug 30888: move torbutton_util.js to modules/utils.js
- Bug 30851: Move default preferences to 000-tor-browser.js
- Bug 28745: Remove torbutton.js unused code
- Bug 32255: Missing ORIGIN header breaks CORS
- Windows + OS X + Linux
- Android
- OS X
- Bug 32505: Tighten our rules in our entitlements file for macOS
- Windows
- Bug 32616: Disable GetSecureOutputDirectoryPath() functionality
Comments
Please note that the comment area below has been archived.
Bug 30787: Add lt locale …
something went wrong...
Thanks, fixed.
Thanks, fixed.
just updated Tor Browser and…
just updated Tor Browser and virus detected in load.
idp.elexa.51
is this an issue?
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/32536 is still an issue.
I think I have a very…
I think I have a very interesting point to make... currently tor circuit chooses a fixed first server "guard" that doesn't change often (because of some sort of attack if I recall correctly).
I would like to see a option to allow also a: "FIXED GUARD EXIT" (probably adding one additional hop server in the connection loop will be need to have some additional protection).
Why? Many, many web sites simply don't work, even if they don't try to block Onion ("Tor") because they use sometimes multiple URL's and require captchas (ex.: download web sites) and they associate the correct resolution of the captchas to the IP, but since the onion ("Tor") creates a different IP for each URL makes it impossible to use many web sites. Also many web sites don't have captchas but if one logs in and the IP changes during the session they will log out the user for security reasons... in Tor Browser these can happen a lot!
Because always exiting on the same IP may help identify someone it should be some special group tab session or something like that, so that the user absolutely knows it is using a fixed IP at the exit point, and that should have a permanent warning informing that, informing that it should only be used on web sites that don't work properly in the normal "Tor Browser" session. The special group tab should allow opening of new windows using the same exit point IP address since I've notice web sites doing that on the past where they will open a new URL in new windows/ tabs with the thing that the user wants after successfully solving captchas/ seeing the publicity... but the new URL will NEVER work because the IP's don't match... and the same to see images where one can't grab them because the servers see different IP's (they have one URL to display and other to host the images) and don't allow the download.
I hope you can add these to help make Tor Browser more useful.
U need chrome
U need chrome
I can no longer disable the…
I can no longer disable the Tor Network and use my own VPN.
I found that the…
I found that the conformation dont come through after you sign up ?
Is this a problem or is it just delayed ?
After you sign up to what?
After you sign up to what?
Noscript blue popup to allow…
Noscript blue pop-up to allow media applies permanent custom per-site permissions in noscript options. These permissions persist after new identity and closing browser. I expected new identity or closing browser to revert blue pop-up. I understand that noscript options applied manually are supposed to persist, but I was not expecting blue permissions to persist because the pop-up is exposed to users whether or not noscript icon is hidden. Are blue pop-up permissions intended to persist?
Permissions can be reverted manually in noscript options or by changing security level.
Letterboxing is disabled?
Letterboxing is disabled?
Letterboxing is still…
Letterboxing is still enabled by default.
TypeError: controller is…
TypeError: controller is null textbox.js:230:7
doCommand chrome://global/content/elements/textbox.js:230
_initUI chrome://global/content/elements/textbox.js:110
TBB doesn't allow media from…
TBB doesn't allow media from 3rd party if it's not allowed for a 1st party.
svg.disabled
Switching svg.disabled to false breaks NoScript's per-site settings and change everything from Safest to Safer level! That's not what I want!
I'm pressing 'New Circuit…
I'm pressing 'New Circuit for this Site' continuously, and the guard changes randomly between the two relays: one in Germany and one in France. What's going on?