Tor Browser 3.6.2 is released
The second pointfix release of the 3.6 series is available from the Tor Browser Project page and also from our distribution directory.
This release features a fix to allow the configuration of a local HTTP or SOCKS proxy with all included Pluggable Transports.
In addition, this release also features important security updates to Firefox, as well as an update to OpenSSL 1.0.1h to address the latest round of OpenSSL security issues.
This release also updates the Tor client software to version 0.2.4.22, which blacklists directory authority keys that were created prior to fixing the Heartbleed attack.
- All Platforms
- Update Firefox to 24.6.0esr
- Update OpenSSL to 1.0.1h
- Update NoScript to 2.6.8.28
- Update Tor to 0.2.4.22
- Update Tor Launcher to 0.2.5.5
- Update Torbutton to 1.6.10.0
- Bug 11629: Support proxies with Pluggable Transports
- Updates FTEProxy to 0.2.15
- Updates obfsproxy to 0.2.9
- Backported Tor Patches:
- Bug 11654: Fix malformed log message in bug11156 patch.
- Bug 10425: Add in Tor's geoip6 files to the bundle distribution
- Bugs 11834 and 11835: Include Pluggable Transport documentation
- Bug 9701: Prevent ClipBoardCache from writing to disk.
- Bug 12146: Make the CONNECT Host header the same as the Request-URI.
- Bug 12212: Disable deprecated webaudio API
- Bug 11253: Turn on TLS 1.1 and 1.2.
- Bug 11817: Don't send startup time information to Mozilla.
The list of frequently encountered known issues is also available in our bug tracker.
Comments
Please note that the comment area below has been archived.
Which version of Firefox
Which version of Firefox will start with DRM-use made possible? And yes, i know you will delete all DRM-related parts in the Firefox source code. Many thanks for that. I have read the discussion with Mozilla about the matter. I would like to know if i have to worry about it or not. How are things?
AFAIK the firefox DRM
AFAIK the firefox DRM implementation is an optional plugin you can install.
Mike Perry said on tor-talk
Mike Perry said on tor-talk that proprietary components would be removed and also discussed a potential issue regarding the EME unique identifier:
https://lists.torproject.org/pipermail/tor-talk/2014-May/032985.html
https://bugzilla.mozilla.org/
https://bugzilla.mozilla.org/show_bug.cgi?id=1015800 is the tracking bug on Mozilla's side you can follow.
This is one robust update, i
This is one robust update, i love it. Keep it up tor people :)
I tried to install the 3.6.2
I tried to install the 3.6.2 upgrade multiple times but keep getting the same error message when I go to launch the browser: "Couldn't load XPCOM"
Is there anything that can be done?
You should to remove Webroot
You should to remove Webroot SecureAnywhere software. It positioned as product for normal users but only geeks can configure it if some new browser release "suddenly" happens.
https://sedvblmbog.tudasnich.de/do
https://sedvblmbog.tudasnich.de/docs/faq#XPCOMError
Starting with TBB 3.6.2,
Starting with TBB 3.6.2, every time I launch Tor Browser, ZoneAlarm popups an alert:
I select Deny and TBB works fine.
Why this ZA alert only with version 3.6.2?
Is TBB trying to connect to a ftp server on start-up?
It looks like your Zone
It looks like your Zone Alarm (one Windows security tool) is complaining about your Application Layer Gateway Service (a second Windows security tool)?
"alg.exe" is not TBB.
Yes, I know alg.exe is not
Yes, I know alg.exe is not TBB (it's MS Windows service).
ZoneAlarm firewall always shows this alert when a browser (or ftp client) access to a ftp server.
Thats why I was asking if TBB 3.6.2 tries to acces to a "ftp://" site on start-up (perhaps to check for updates).
ZA didn't show this alert with previous versions of TBB.
No, it does not try to do
No, it does not try to do that as far as I can tell.
Tor relays listen on a
Tor relays listen on a variety of ports. This is a feature, since some users are behind firewalls that only allow certain ports out.
Here's a relay that listens on port 21:
https://atlas.torproject.org/#details/1C90D3AEADFF3BCD079810632C8B85637…
So if your Tor client connects there, any spy software you have on your computer that assumes port 21 traffic is ftp will complain.
So good this latest upgrade
So good this latest upgrade ain't also susceptible to refusing to open on my XP 'less the manual feature be used. Well done!
And yes, afore anyone axes, I did download twice but it doodn't make one blind bit of difference. Y'all caught the "error" without needing to be whinged at. Yer still at the top of y'alls game - thanx fer that...
The only issue I've run into
The only issue I've run into is that Tor crashes every time I try to load LinkedIn.com. Four times in a row — other sites are fine. It happens in the moments just after it fully loads. The CPU runs up over 100% and stays there, and the browser becomes unresponsive.
Try disabling
Try disabling httpseverywhere and see if that changes anything? If so, please file a ticket.
(I just loaded linkedin in my TBB and it loaded fine.)
I have the same issue with
I have the same issue with TBB 3.6.2 (and some 3.x previous versions too).
I tested TBB 2.3.25-15 (last based on Firefox 17 ESR), and it doesn't have this problem.
Also tested TBB 3.6.2 disabling "HTTPS Everywhere", and disabling javascript, but TBB Freezes and becomes unresponsive with 100% CPU usage after staying some seconds at linkedin.com
I've found someone else has already reported this issue 5 months ago:
#10631 closed defect (duplicate)
LinkedIn page freezes Tor Browser
https://trac.torproject.org/projects/tor/ticket/10631
Also checked "Firefox 24.6.0 ESR + Tor", and it does not freeze with linkedin
Me too. I've revived the
Me too. I've revived the ticket and we'll see if we can do something about it. Thanks!
How does TBB 3.6.2 get its
How does TBB 3.6.2 get its "Provided set of bridges"? Are they different for each user? I chose the same option in TBB 3.6, and both versions' torrc shows same set of bridges. Are these "provided bridges" publicly known?
Also, FTE transport only works with "Provided set" and bridgeDB won't give out FTE bridges.
Those bridges are included
Those bridges are included in Tor Browser. They're the same for every user, so that the package signatures can still be checked. Presumably they're blocked after a while in a few places in the world, e.g. China, but continue to work fine in the rest of the world.
As for bridgedb giving out fte bridges...maybe you should run some fte bridges so we have some to give out? :)
Thanks for reply. Only fte
Thanks for reply. Only fte bridges work here :(
Is it possible to run scramblingsuit bridge work in tor browser? Tor browser didn't accept them. I just pasted the lines the usual way. Maybe this type bridge nodes are offline.
Yes, I'd wish to run fte bridges, but I'm on a speed 120kbps internet connection, sad
No, Scramblesuit needs a
No, Scramblesuit needs a newer tor (>= 0.2.5.2-alpha IIRC) while TBB ships 0.2.4.22.
Since installing the latest
Since installing the latest version I cannot get images to load on either flickr or tumblr even with Jscript enabled. Anyone else got this? Using Win XP.
Could you give me some steps
Could you give me some steps to reproduce your issue? I am not using these services, thus I am not sure how they are supposed to look like... Do I need to be logged in to hit your problem?
TB 3.6.2 little bug: If you
TB 3.6.2 little bug: If you have a new window opened, the TorButton will disable "New Identity" in old TorBrowser window, even you close the new window. The idea is to create a new window again and close the old window if you want to re-enable "New Identity".
Interesting. Do you have
Interesting. Do you have steps to reproduce? Which operating system are you using? I just opened a new private window (Ctrl + N) but the New Identity option got not disabled in the old one.
In my case (Linux 64-bit)
In my case (Linux 64-bit) there is no old one after I click new identity. It closes all the windows and opens a fresh one.
Is this a problem with
Is this a problem with Tor?:
"Authentification weaknesses in GCM"
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-GCM/F…
Niels Ferguson(Microsoft)
-potential weakness:authentification & encrytion as ONE function
-AEAD authentication tag length
http://fse2012.inria.fr/SLIDES/36.pdf
Markku-Juhani Saarinen
I just downloaded Tor
I just downloaded Tor version 3.6.2 . after having removed the previous version.
I found Control Vidalia Panel missing on those.
Is this due to change in design or some kind of mistake?
I have downloaded several time with the same result.
Please advise.
You are about a year behind
You are about a year behind the times. :)
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
On OS X I get "The app can't
On OS X I get "The app can't be opened because it is from an unknown developer". I know what the warning means (that the binary isn't signed to apple's liking), but I don't remember getting the warning on previous versions, so I hesitate to run TorBrowser. Is it supposed to be signed?
No, we don't sign it yet but
No, we don't sign it yet but are working on a proper solution.
I understand Tor Bundle
I understand Tor Bundle should be downloaded only from Tor Website .
I wonder if it is better to do this within and inside Tor browser , or can this be done outside of Tor browser using other browsers ?
[Even though very first download has to be through the use of other browser—no other choice. ]
Would like to know your opinion.
Integer-Overflow in LZ4 and
Integer-Overflow in LZ4 and LZO
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-t…
Relevant for Tor?
Sorry,iam no programmer
Hello, unfortunately,
Hello,
unfortunately, comments are now closed for your "Hardening android" blog post.
Could you create a followup blog post so we can continue the discussion and feedback?
I think they still work
I think they still work (though we approve comments by hand, alas, since there's so much spam).
\Tor\PluggableTransports\flas
\Tor\PluggableTransports\flashproxy-client.exe: Win.Trojan.Agent-748059 FOUND
\Tor\PluggableTransports\flashproxy-reg-appspot.exe: Win.Trojan.Agent-748059 FOUND
\Tor\PluggableTransports\flashproxy-reg-email.exe: Win.Trojan.Agent-748059 FOUND
\Tor\PluggableTransports\flashproxy-reg-http.exe: Win.Trojan.Agent-748059 FOUND
\Tor\PluggableTransports\flashproxy-reg-url.exe: Win.Trojan.Agent-748059 FOUND
\Tor\PluggableTransports\fteproxy.exe: Win.Trojan.Agent-748059 FOUND
\Tor\PluggableTransports\obfsproxy.exe: Win.Trojan.Agent-748059 FOUND
Using clamwin antivirus. What's wrong?
Well, one possibility is
Well, one possibility is that you have a virus on your computer that's infecting files you download.
But the much more likely possibility is that "clamwin antivirus" is just wrong.
https://sedvblmbog.tudasnich.de/docs/faq#VirusFalsePositives
There is no option to add a
There is no option to add a hidden service in the Tor 3.6-2...Can someone tell me how to go about it?
You'll have to edit your
You'll have to edit your torrc file by hand.
https://sedvblmbog.tudasnich.de/docs/tor-hidden-service.html
And while I agree this isn't as easy as having something in Tor Launcher that does it for you, I think configuring Tor to use a hidden service is the easy part, compared to setting up and locking down the service itself. Be careful / good luck!
hello dear TOR guys :) I had
hello dear TOR guys :)
I had a question to ask. I didn't know where to ask it. if it's not the correct place, please forgive me & guide me to the right place. thank you.
Question:
I do connect to internet and run TOR. it connects to web and its browser opens.
During browsing, my internet (from ISP side) goes off & gets dc. windows does redialing and makes me connected again. after this, I checked and noticed that TOR browser still works and does service. but the question I wanted to ask from you TOR guys is this: Is my connection still as safe as before disconnecting? have you performed any survey or analysis for checking this situation?
thanks in advance
A big fan from Iran :)
It should be fine -- this is
It should be fine -- this is one of the situations that Tor is designed to handle well.
are you sure about this? you
are you sure about this? you know in some countries, security is more important than anything!
sorry to ask this buddy; are you from TOR team?
thanks again for being so helpful and responsive.
I'm more sure about it than
I'm more sure about it than I am of many other things. Or said another way, I worry about plenty of things in Tor (and Internet security in general), but this isn't one of them.
But don't take my word for it! Learn more about Tor and privacy, so you can help teach your friends about it too.
https://sedvblmbog.tudasnich.de/docs/documentation#UpToSpeed
thank you buddy for all you
thank you buddy for all you do for TOR and for us :)
Hello, please read the
Hello, please read the content (in german language) in the link above and give a comment to us. Many thanks in advance.
http://www.tagesschau.de/inland/nsa-xkeyscore-100.html
You can see my comment in
You can see my comment in the followuparticle:
https://ocewjwkdco.tudasnich.de/blog/being-targeted-nsa
Also, I liked Sebastian's FAQ:
https://wwwcip.cs.fau.de/~snsehahn/Tor-Fragen.en.txt
...thanks for your answer.
...thanks for your answer. Now, the discussion is out: I'm an extremist. Please remember this :D
Otherwise, thanks for your mission.
Will use TOR whenever I want, means: only.
Is there a hidden service
Is there a hidden service version of the downloads?
i cant seem to connect to
i cant seem to connect to the tor network, wont go past the loading authority certificate part...
I can't download this new
I can't download this new version. It says "Error opening file for writing"...
"It" says? What says
"It" says? What says this?
Also, are you trying to save the file to a directory you don't have write permissions to?
hi, I have a problem with my
hi,
I have a problem with my TOR. I don't know it's a bug in TOR or a problem in my windows!
problem:
sometimes when I run TOR, the little box appears in the top left of the screen (as usual) and its connection bar also gets full, but the TOR browser doesn't appear on the screen!
when I open my task-manager, I see TOR program and its browser are open (fig 1) but as you can see in fig. 2, they haven't come onto the screen and the application tab (who represent open soft-wares on the screen) is empty!
is this a bug in TOR or just a problem in my windows? does anyone else have the same experience?
p.s. in these cases (10% happens), I always close TOR browser from the task manager and re-run TOR and the problem is gone! telling this to say, this doesn't hurt me at all like a real and serious problem, but I though it would be better to make a feedback to make you better and stronger.
thank you for all your efforts.
a fan :)
attach: http://postimg.org/image/x70fmb6b1/
Happens on all 3 of my
Happens on all 3 of my Windows computers, but it never happens on OS X. I'm guessing it's a Tor problem.
Does anyone know a simple
Does anyone know a simple way to signup/login to Tumblr while using Tor (without enabling plug-ins)? Thank you.
Hey it would be great if
Hey it would be great if there was simply an update button - icon, to click on to install updates without having to select the Firefox option, too many pop ups. Tired of these enter-ties bombarding us with adds we don't need or wish to receive, especially when we are paying for the service in the first place.
I am a big fan or Tor Browser and a big fan of internet privacy, it's getting harder and harder to acquire this concept so thank you for this facility, as it is truly appreciated.
The OS X bundle simply
The OS X bundle simply doesn't connect. Older versions work though.
Perhaps
Perhaps https://sedvblmbog.tudasnich.de/docs/faq#SophosOnMac is your issue?
Thanks. How comes it doesn't
Thanks. How comes it doesn't affect older verions?
https://sedvblmbog.tudasnich.de/do
https://sedvblmbog.tudasnich.de/docs/faq#VirusFalsePositives
Basically, whatever guessing game sophos used recently has more recent Tor packages as collateral damage.