Tor Browser 5.0a2 is released

by mikeperry | June 16, 2015

The second alpha release in the 5.0 series of the Tor Browser is now available from our extended downloads page as well as the distribution directory.

This release provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.7.1-alpha, Torbutton to version 1.9.2.7, NoScript to version 2.6.9.26, meek to version 0.19 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled, and it also fixes an update issue when using meek on Windows systems.

Here is the complete changelog

  • All Platforms
    • Update Tor to 0.2.7.1-alpha
    • Update OpenSSL to 1.0.1n
    • Update HTTPS-Everywhere to 5.0.5
    • Update NoScript to 2.6.9.26
    • Update meek to 0.19
    • Update Torbutton to 1.9.2.7
      • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
      • Bug 14429: Make sure the automatic resizing is enabled
      • Translation updates
    • Bug 16130: Defend against logjam attack
    • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
  • Windows
    • Bug 16014: Staged update fails if meek is enabled
    • Bug 16269: repeated add-on compatibility check after update (meek enabled)
  • Linux
    • Bug 16026: Fix crash in GStreamer
    • Bug 16083: Update comment in start-tor-browser

Comments

Please note that the comment area below has been archived.

June 16, 2015

Permalink

The captcha issue is not yet solved on some websites. The pictures do not load when asked to select a few pictures of something. This has been broken for some releases now and it has had no attention. Can you please investigate this.

Which websites have broken captchas? I've never had a problem with CloudFlare (even if the ReCaptcha method they use is hard to solve).

Now, the recent obsession of sites straight-up banning Tor IPs...

Got the same problem as mentioned by the 2ppl above. And as many before me I've tried switching off NoScript etc..

One example: https://www.openmailbox.org/#register

Interestingly enough it displays the image of what has to be identified but not the 9 pictures you get to choose from. This is a very frustrating issue and I really hope someone finds a solution soon.. :)

This isn't a problem with Tor Browser; it's a problem with the captcha provider (Google, I think.) You may have some luck by lowering your security settings if you're willing to take the risk but in the end you need to complain to the captcha provider or the website using the captcha provider.

June 16, 2015

Permalink

I see NoScript's ClearClick feature for trusted and untrusted sites is disabled by default. Are we looking for a fix from Tor Browser or NoScript or both?

While ABE has it's uses I think that individual users making their own customized rules would make fingerprinting them exceptionally easy. It would be similar to NoScript's normal per-domain/site/etc whitelisting but worse.

June 17, 2015

Permalink

Apologies ahead of time, as I'm much less tech-literate than most that post here.

Every time I try to update to this latest version of the Tor Browser Bundle, AVG anti-virus program detects a potential threat.

This must be the 4th or 5th version of Tor I've downloaded, and never before have I had this prob.

Again, apologies if this is old-hat, previously covered ad nauseam.

June 17, 2015

Permalink

AVG 2015 doesn't let the program install, in the middle it detects tor.exe as a threat and delete it.

June 17, 2015

Permalink

The Meek servers are comming from Google/Amazon/Microsoft, all had worked with NSA in the past, so supposing they record my IP address which is comming from Iran, NSA will try to crack my Tor becaus I come from Iran?

June 19, 2015

Permalink

Please work on the tor CAPTCHAS problem:

"There was an issue with the captcha provider. More information may be available below."

If it works in other browsers then it should also work in tor.

June 21, 2015

Permalink

when i try to update tor browser . after the update if i restart the browser it shows update is available . its seems some bug . may be i need to download a fresh copy of the browser .

June 23, 2015

Permalink

PLEASE, FIX THIS BUG:

In the TBB for linux bridges do not work anymore. You are not allowed to connect if using bridges (obfs3, obfs4, ...), not the default ones, not whatever working bridge you enter into the box. Why hasn't this been fixed yet?

June 25, 2015

Permalink

The problem I encounter is if TBB fails to connect to Tor network (I'm using meek and obfs3 bridge) and you wish to try again, you have to close and run TBB again, it wastes time especially for Tails you have to reboot.

June 25, 2015

Permalink

Hi,
A short while ago I found a site which offered Tor users a test to see if they were being compromised (their real IP was discernable) while watching an HTML 5 video. I took the test and failed- my real IP was indeed being shown to me despite being on TOR and despite having NO scripting enabled - javascript et. al. -or any other such plugin enabled. It was done purely through HTML 5 on an as-downloaded version of Tor, the lastest version at that time. This was perhaps a month or two ago.

My questions are- are you aware of this? If so, have you notified your users of this? Have you addressed the issue? If you are aware of this and you know the URL of the site I was describing, can you post that URL since I cannot find it any longer.

Thank you

June 25, 2015

Permalink

1. Captchas error all the time

2. This error message appears more and more often:

The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. (Error code: ssl_error_inappropriate_fallback_alert)

June 25, 2015

Permalink

Not working on cloudflare protected websites!

Captchas broken! Firefox works, tor has problems.

July 01, 2015

Permalink

With mozilla adding more and more controversial features like 3rd party closedsource services, please consider migrating to palemoon! Both Palemoon and Tor communities will only win from this and I'm sure Palemoon developers will cooperate.