Tor Browser Bundle 3.0beta1 Released

by mikeperry | November 6, 2013

The first beta release in the 3.0 series of the Tor Browser Bundle is now available from the Tor Package Archive:
https://archive.torproject.org/tor-package-archive/torbrowser/3.0b1/

This release includes important security updates to Firefox, as well as a fix for a startup crash bug on Windows XP.

This release also reorganizes the bundle directory structure to simplify implementation of the FIrefox updater in future releases. This means that extracting the bundle over previous installation will likely not preserve your preferences or bookmarks, and may cause other issues.

This release has also introduced a build reproducibility issue on Windows, hence it is signed only by two keys. We should have this issue fixed by the next beta.

Here is the complete ChangeLog:

  • All Platforms:
    • Update Firefox to 17.0.10esr
    • Update NoScript to 2.6.8.2
    • Update HTTPS-Everywhere to 3.4.2
    • Bug #9114: Reorganize the bundle directory structure to ease future autoupdates
    • Bug #9173: Patch Tor Browser to auto-detect profile directory if launched without the wrapper script.
    • Bug #9012: Hide Tor Browser infobar for missing plugins.
    • Bug #8364: Change the default entry page for the addons tab to the installed addons page.
    • Bug #9867: Make flash objects really be click-to-play if flash is enabled.
    • Bug #8292: Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API
    • Bug #3661: Remove polipo and privoxy from the banned ports list.
    • misc: Fix a potential memory leak in the Image Cache isolation
    • misc: Fix a potential crash if OS theme information is ever absent
    • Update Tor-Launcher to 0.2.3.1-beta
      • Bug #9114: Handle new directory structure
      • misc: Tor Launcher now supports Thunderbird
    • Update Torbutton to 1.6.4
      • Bug #9224: Support multiple Tor socks ports for about:tor status check
      • Bug #9587: Add TBB version number to about:tor
      • Bug #9144: Workaround to handle missing translation properties
  • Windows:
    • Bug #9084: Fix startup crash on Windows XP.
  • Linux:
    • Bug #9487: Create detached debuginfo files for Linux Tor and Tor Browser binaries.

Comments

Please note that the comment area below has been archived.

Anonymous (not verified) said:

November 06, 2013

Permalink

Been testing this for some days now and it's awesome! The only thing that still needs fixing is the password saving bug of Torbutton, at least I have no idea how to get this to work.

Anonymous (not verified) said:

November 07, 2013

Permalink

I am surprised to learn that there is still support for Windows XP given that technical support by Microsoft for the said operating system will cease with effect from April 1, 2014.

Well, you know how it goes -- if we stopped providing XP builds we'd screw a huge pile of users. Of course, that's the case for Microsoft pretty soon too.

Let's wait and see what happens in April 2014.

Anonymous (not verified) said:

November 08, 2013

Permalink

Where do we report issues for this project? I can't start TBB if I have Mozilla Firefox open. Says that Firefox is already running. This is new behavior.

This is the only issue I have encountered in the alpha/beta releases (kudos). I love the user friendly consolidation. Thanks for all the hard work; greatly appreciated.

Anonymous (not verified) said:

November 08, 2013

Permalink

gpg --verify sha256sums.txt.asc-mp sha256sums.txt
gpg: Signature made Tue 05 Nov 2013 08:57:26 AM HKT using RSA key ID 0E3A92E4
gpg: Can't check signature: public key not found

why the RSA key ID is 0E3A92E4 ??

and I can not find the key ID on
https://sedvblmbog.tudasnich.de/docs/signing-keys.html.en

who signed sha256sums.txt.asc-mp ??

Anonymous (not verified) said:

November 10, 2013

Permalink

And update deb.torproject.org-keyring this package (debian keyring for tor) please.

I too have been wondering how I can know for sure that I am not downloading both the Tor browser bundle and the signature from a MITM page. The points you raise in your ticket seem valid to me, but I confess I am a beginner in these matters and would be grateful for some reassurance from those who know more about these matters than myself.

Anonymous (not verified) said:

November 16, 2013

Permalink

One feature that was lost with embedding vidalia was its network activity graph. It helped me in verifying that my uploads are not stuck.

Anonymous (not verified) said:

November 16, 2013

Permalink

Since Vidalia is not available in this beta, how does one access information it provided under the control panel? Particularity, the view the network option.

Anonymous (not verified) said:

November 16, 2013

Permalink

1)How do users gain Vidalia-type functions with this approach? Are all of these user options lost?
2) Cookies are not required for Captcha validation. Why are you requiring them?

Thank You.

Anonymous (not verified) said:

November 16, 2013

Permalink

I miss the vidalia world map, where i could see, which circuit I am using... it is bad to delete all the nice features of vidalia, imho.

Anonymous (not verified) said:

November 16, 2013

Permalink

It's been mentioned that we can get Vidalia running by pointing an existing Vidalia binary at control port 9151 after the Tor browser has been launched. Can someone give instructions how to do so.

Anonymous (not verified) said:

November 18, 2013

Permalink

It was a cool feature within vidalia to see, which circuit I am using... this option gone is a big step back. did you think about the fail of tor with this decision?

Anonymous (not verified) said:

November 18, 2013

Permalink

Not sure if this should be a bug report, but on 3.0 when I select "new identity" on Torbutton, it closes the browser and starts a new session.

Anonymous (not verified) said:

November 19, 2013

Permalink

I was sure I couldn't be the only one who noticed it. :) And yes - a very surprising feature as the effect, from a user standpoint, is jarringly different from previous versions.

But it is working as intended and that is the important thing.

Anonymous (not verified) said:

December 19, 2013

Permalink

what a shit "feature "it is , reminds of me windows retarded explanation its a feature not a bug,

Anonymous (not verified) said:

December 22, 2013

Permalink

Yeah, this may be more secure (or so I've read) but from a user standpoint is not user friendly. I need to keep tabs open and refresh identity from time to time. This is a pain.

Anonymous (not verified) said:

November 19, 2013

Permalink

I still get Vidalia launch with this version on OS X. That's correct ?

I don't know why verifying the signature relies on gpgp. It's installer is a buggy mess on a Mac. Why can't it be a signature that can be verified by md5 in terminal ?

Anonymous (not verified) said:

December 15, 2013

Permalink

It's very annoying that it isn't possible anymore to make use of another exit node without losing your browser state. I understand that 'New identity' button of Vidalia wasn't actually giving you a new identity, because your browser cookies (and other state) were not deleted. Removing the option however, makes it very annoying to use the Tor Browser Bundle at times. Especially when the exit node you're using is blocked by a website or the current exit node is too slow (for example when downloading larger files or watching a video).

Can there not be an extra button in the Torbutton named something along the lines of "Use a different exit node", that would have the same behavior as the button in Vidalia? I and others would greatly appreciate that.