Tor Browser 7.0a2-hardened is released
A new hardened Tor Browser release is available. It can be found in the 7.0a2-hardened distribution directory and on the download page for hardened builds.
This release features important security updates to Firefox.
This hardened alpha release mainly contains updates to several of our Tor Browser components: Firefox got updated to 45.8.0esr, Tor to 0.3.0.4-rc, OpenSSL to 1.0.2k, and HTTPS-Everywhere to 5.2.11.
Additionally, we updated the bridges we ship with Tor Browser and fixed some regressions that came with our last release.
In the previous release we introduced filtering of content requests to resource:// and chrome:// URIs in order to neuter a fingerprinting vector. This change, however, breaks the Session Manager add-on. Users who consider keeping extensions like that one working more important than avoiding the associated information leakage can now set the 'extensions.torbutton.resource_and_chrome_uri_fingerprinting' preference to 'true' to disable our defense against this type of fingerprinting.
Another known regression is the resizing of the window. We are currently working on a fix for this issue.
The full changelog since Tor Browser 7.0a1-hardened is:
- All Platforms
  - Update Firefox to 45.8.0esr
  - Tor to 0.3.0.4-rc
  - OpenSSL to 1.0.2k
  - Update Torbutton to 1.9.7.1
  - Update HTTPS-Everywhere to 5.2.11
  - Bug 21514: Restore W^X JIT implementation removed from ESR45
  - Bug 21536: Remove scramblesuit bridge
  - Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
  - Bug 21326: Update the "Using a system-installed Tor" section in start script
- Build system
  - Bug 17034: Use our built binutils and GCC for building tor
  - Code clean-up
Comments
Please note that the comment area below has been archived.
When will Selfrando land in the alpha series? Thank you
We hope in 7.0a3. At least we plan to do so for Linux 64 bit bundles. https://trac.torproject.org/projects/tor/ticket/20683 tracks this effort and has a patch up for review.
OpenSSL to 1.0.1k
and
OpenSSL to 1.0.2k
referred in article. One reference is wrong. Please update article.
Corrected. Thanks.
;)
I want to join the hidden network
I hope it comes to mobile soon. ^-^
Are you talking about the hardened version or just the regular version? Since the latter is already available in mobile (Orbot+Orfox for Android and Onion Browser by Mike Tigas for iOS).
me too
Twitter RT and Like button don't work on Tor Browser.
"Sorry Something gonna wrong" info appeared
Yes, this is bug 21555 (https://trac.torproject.org/projects/tor/ticket/21555). It will be solved in the next release.
thanks
The hardened version, I'm assuming isn't released yet for mobile.
Correct, and there are no plans to do so.
when an update to mobile (orfox )
Does Tor have any vulnerabilities that were highlighted in the Wikileaks dump?
No. https://search.wikileaks.org/?query=tor+&exact_phrase=&any_of=&exclude_…
What about https://www.hackerone.com/product/community ?
What .exe files of Tor Browser do I need to unlock in a firewall?
I can't connect to the Tor Network.
Help please, I'm a journalist.
all of my history and bookmarks have been deleted when I did the update!!!!
solutions please !!
Launching './Browser/start-tor-browser --detach --debug'...
==9686==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
...
Does hardened Tor Browser work in hardened Linux?
> Does hardened Tor Browser work in hardened Linux?
No. ASan and PaX are incompatible with each other. Of the two, PaX is more useful.
Firefox though works fine in hardened Linux. Will there be a version of Tor Browser for hardened Linux?
> Firefox though works fine in hardened Linux.
If your definition of "works fine" is "need to disable MPROTECT" then sure? Firefox isn't built with ASan either, and likewise would be incompatible with PaX if it were.
> Will there be a version of Tor Browser for hardened Linux?
Anything that's not built with ASan works as well as normal firefox does.
I'm using AppArmor over tor-browser.tor-browser_en-US.start-tor-browser.desktop
270 lines, generated over a couple of hours... works well.
It sometimes asks for an update; however, I have denied such options, etc.
How to increase the number of middle nodes? I'm aware of the trade-off between security and speed. Thanks.
Confused about when future editions of Tor Browser and Tails will use/require:
o various hardening features (selfrando, PAX)
o based on Debian 9 (stretch, soon to be the new stable)
Also confused about how these changes will affect the onion mirrors for people who use Debian OS and update using the onion mirrors. Also confused about the security of installing from Debian repos--- someone said in this blog that there is no security except for the bare bones Debian and no-one has contradicted this. I hope that person was wrong.
Any information would be appreciated!
IS THERE NOT ONE BROWSER THAT IS JUST BASIC AND DOES THE JOB WITH PRIVACY AND SECURITY INSTEAD OF CONSTANTLY REQUIRING OR NEEDING TO BE UPDATED? AFTER ALL IT'S JUST BASIC CODES AND ALL RIGHT? ISN'T THERE A SIMPLE METHOD TO JUST BLOCK EVERYTHING AND THAT'S IT? A SILVER BULLET? MAYBE IT'S MORE COMPLICATED THAN PEOPLE THINK?
first, i think your keyboard is broken.
second, if this was just basic codes then why don't you contribute to the code then.
+1000
um
is your keyboard broken bro ?
should i be using this over normal browser ?
This is an alpha version testing new hardening features and helping us to debug things. I think it might be worthwhile using the stable Tor Browser instead in your case.
Love just for you!!
Why Orfox (android) is never updated?
what is the ?
how to access dare web by this browser ?
Hey there,
are you planning to switch to the next ESR version (Firefox 52) in the near future?
A few days ago suddenly v 6.5 would not connect to the onion network so downloaded 7.2 still no luck even if I try changing to bridges. Works fine in normal non onion sites so anyone else got this and a fix? Using Win XP could that be the reason?
We need real tests for hardening, not checks: https://forums.freebsd.org/threads/46435/#post-283009
You can try running with ASAN_OPTIONS=fast_unwind_on_malloc=0 to get complete stack traces.