Tor Browser Bundle for Windows 1.3.7 Released

by phobos | July 5, 2010

On July 4th, we released Tor Browser Bundle 1.3.7 for Microsoft Windows. This is merely a security update release for Firefox and Pidgin. You can download this at https://torproject.org/torbrowser.

The only changes are:

  • update to Firefox 3.5.10 to fix some security issues
  • update to Pidgin 2.7.1r2 to fix some security issues

Comments

Please note that the comment area below has been archived.

July 05, 2010

Permalink

Hi!!!!!!!!!

Well, just to bump into this blog entry, i could suggest you also to update the Tor Browser Bundle for Linux!!!!!!! You copied my idea to ship it with libpng14, and i'm so happy you did it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! So, it'll work even in ArchLinux!!!!! But you've also to keep the software up to date!!! There is a remotely exploitable bug in the 1.4.2 version of libpng!!! http://www.libpng.org/pub/png/libpng.html «Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.»

~bee!!!!!!

July 06, 2010

In reply to erinn

Permalink

arrrg!

Please don't feed the trolls. If bee was helpful that's fine, but please don't make it seem like he was very helpful or it will never go away!

Maybe so, but bee has to go, I for one think you are bee, I think bee posts the way normal freaking people post when he wants to pretend he's someone else.

P.S. would you also say the same to Mike Perry who has also had it with bee? Or to any other devs who also seem to have had it with bee? Bee is a troll, plain and simple.

July 09, 2010

In reply to erinn

Permalink

Hi erinn!!!!! You're welcome!!!!!! I'm glad it was useful information!!!!!! And, i'm happy you're so nice and polite!!!!!!!!!!! (i couldn't say the same for somebody else!!!!) Thank you!!!

bye!!!!!!!!!
~bee!!!!!

July 05, 2010

Permalink

the latest version of firefox is now 3.6.6.
i do realise that it takes time to implement the updates into your framework.
but these days browser vulnerabilities are becoming "weaponised" by hackers quicker and quicker after their discovery, coupled with the fact that malicious exit nodes can tamper with the data you receive in your browser, i would think having the latest, most secure version of firefox in the tor browser bundle would be a very high priority.

What attacks exist in 3.5.10?

Even with 3.6.6, your security risks are unlikely to change.

Your anonymity risks change drastically if we haven't had time to analyze the firefox source and adapt.

feel free to help our half-a-person working on torbutton to keep up with the firefox changes.

July 06, 2010

Permalink

What I wanted to aks, if I download a file, lets say, pdf file, using right click and 'save link as' in Tor browser, does they have my IP then? Or it goes through onion chain of people?

It goes through tor. But beware that Adobe PDF reader allows PDF javascript to run, which can connect back to a server directly and skip your proxy settings, thus de-anonymizing you.

Hi!!!!!!

I never heard of that application, it seems to work only in WINDOWS!!!!!

Well, whatever, i discovered this way to view PDF files safely everywhere!!!

You need to download GIMP!! It's a very powerful images editor, maybe you've already got it installed!!! It's free and open source, it works even in Windows!!!!(this is why this system works everywhere!!!) Download it from: http://www.gimp.org/downloads/ !!!!!!!!!!
You've to install it and run it once, so it'll create the configuration folder in your user directory!!!! You've to go in "EDIT->PREFERENCES" and set "Size of thumbnails" to "No thumbnails"!!! Click "OK" and close GIMP!!!!
Now, you've to download this script: http://flashingtwelve.brickfilms.com/GIMP/Scripts/sg-save-all-layers.scm and move it in the scripts folder of GIMP!!! It's "/home/$USERNAME/.gimp-2.6/scripts" in Linux, or the manual says "C:\Documents and Settings\$USERNAME\.gimp-2.6\scripts" in Windows, it's probably "C:\Documents and Settings\Administrator\.gimp-2.6\scripts" for the most!!!!!!!!
Now, you can open GIMP again!!!!!!! You could use the menu "FILE->OPEN..." to choose the PDF file you want to open!!!
When you've done, a dialog window will ask you what pages you want to open, you can click on "SELECT ALL", or enter a range!!!! Ensure to have the option "Open pages as:" set to "LAYERS"!!! and then click on "IMPORT"!!!
Well, what you've to do now, is to save the pages!!!! Use the menu "FILE->SAVE ALL LAYERS..." (it's the item on the bottom, it's the item created by the "sg-save-all-layers.scm" script above!!!).
A dialog window will ask you where to save the files!!!! You you'd better to enter a full path like: "/tmp/frame_~~~~.png" in LINUX, or something like "C:\frame_~~~~.png" in windows!!!!!!! When you've done, click "OK"!!!
I guess, you'll find in "C:" the saved files!!!! They should be named: frame_0001.png, frame_0002.png, frame_0003.png and so on!!!! You can use any image viewer to open them!!!!! i remember they're saved in reverse order, so the last page is "0001"!!! just press "go back" in your image viewer, to look at the next page!!! hahah!!!!!!!!!!!!!!!! this is funny!!!!

bye!!!!!!!!!
~bee!!!!!!

July 06, 2010

Permalink

but what can make tor browse again in nigeria? is it the ip, or bridges. or maybe we need to download a newer version i.e 1.3.7? cos other browsers are working fine ecxept tor. or is it the tor server having problem we are tryna blame mtn or those china cracks employed by mtn? no, tor is dead and its gonna rise again. pls help cos my antivirus is almost getting out of date. i need to update and i will never be a cyber cafe slave in my life again. vidalia tor, wetting dey happen? jones.ferrari naija

July 08, 2010

Permalink

Why is tor not connecting with mtn network in nigeria... using this ip 10.199.212.2 port 8080 http/https why? I have tried using it with all the bridges in the site and the once sent to me by my gmail but nothing to write home about pls tell us because they are charging us heavily in our conutry.. Nigeria...

July 08, 2010

Permalink

thats nice, but i wanna ask if the new update to tor +firefox will make tor still work in nigeria? ferrrari

July 18, 2010

Permalink

Can I post a tech support question here? I have been having a VERY difficult time getting Tor to work properly on my Windows 7 PC. No matter what I do, even though I see the green onion, i always see the "Sorry. You are not using Tor" page. So I figured that I would try this browser bundle since it appeared to be pretty much idiot proof. I extracted the files and ran the "Start Tor Browser.exe" program. Everything starts fine, green onion, browser starts, and "Sorry. You are not using Tor!" How is this possible? I made NO changes to the bundle software. Can someone please tell me where I should start looking to try to fix this problem?

It's possible, but unlikely, that you've hit a false negative, where the exit node you are using is not in the list of exit relays that check.torproject.org knows about at that time.

Does this still happen everytime you try it?

July 19, 2010

In reply to phobos

Permalink

Yes, every time. The IP address that the page shows is indeed my IP.

July 19, 2010

In reply to phobos

Permalink

Yes, the button says tor enabled. I went into the torbutton options and pressed the test settings button. This was the result: Tor proxy test FAILED! Check your proxy and Polipo settings.

July 20, 2010

In reply to phobos

Permalink

I've got it working now. Apparently, my flatmate installed another proxy program without telling me. When I disabled this program, the Tor bundle works just fine. Sorry for the trouble and thanks for all your help. =)

July 26, 2010

Permalink

I download the leaked documents from wikileaks over the tor bundle. After the half download the circuit breaks and it downloads per direct connection (not over tor)
what the hell is that? this is not good at all

I tested this with the latest tor browser bundle we ship. It downloaded successfully over tor for me. Do you have a download manager or something?

July 28, 2010

In reply to phobos

Permalink

No, but I had the normal firefox started beside the tor bundle. I use win xp with latest patches.

July 28, 2010

In reply to phobos

Permalink

I can't reproduce it anymore. When I break the circuit manually, the download stops completely. When I had this bug, I could break the circuit and it downloaded further on another. And after a while it connected direct to the server. But Thanks for all your hard work...

July 26, 2010

Permalink

I download a document over the bundle. The circuit breaks and it connects Direct to the server (not over the bundle)
This is BS!