TOR Tor Browser 5.0a1 is released

Discussion in 'TOR | TAILS' started by survivalmonkey, May 12, 2015.


  1. survivalmonkey

    survivalmonkey Monkey+++

    The first alpha release in the new 5.0 series of the Tor Browser is now available from our extended downloads page as well as the distribution directory.

    Tor Browser 5.0a1 is based on Firefox ESR 31.7.0, which features important security updates to Firefox.

    In addition to including all of the fixes that were present in the 4.5.1 release, this alpha release also features some additional privacy defenses.

    In particular, this release re-enables the automatic window resizing fingerprinting defense that first appeared in 4.5a4. This defense can be disabled by setting the about:config pref extensions.torbutton.resize_windows to false, but please first report any issues you encounter on the feature's trac ticket.

    This release also introduces a new defense against various forms of performance fingerprinting and time-based side channel attacks. A handful of new attacks have been published recently that take advantage of Javascript's high-performance timers to determine hardware performance, perform keystroke fingerprinting, extract history information, and even steal sensitive data from memory. Because this defense reduces the resolution of time available to Javascript to 100 milliseconds for all time sources, and to 250 milliseconds for keypress event timestamps, we are especially interested in hearing any reports about issues with HTML5 video, animation, or game sites. Hopefully you will have as much fun testing this defense as we will!


    Here is the complete list of changes since Tor Browser 4.5:

    • All Platforms
      • Update Firefox to 31.7.0esr
      • Update meek to 0.18
      • Update Tor Launcher to 0.2.7.5
        • Translation updates only
      • Update Torbutton to 1.9.2.5
        • Bug 15837: Show descriptions if unchecking custom mode
        • Bug 15927: Force update of the NoScript UI when changing security level
        • Bug 15915: Hide circuit display if it is disabled.
        • Bug 14429: Improved automatic window resizing
        • Translation updates
      • Bug 15945: Disable NoScript's ClearClick protection for now
      • Bug 15933: Isolate by base (top-level) domain name instead of FQDN
      • Bug 15857: Fix file descriptor leak in updater that caused update failures
      • Bug 15899: Fix errors with downloading and displaying PDFs
      • Bug 15773: Enable ICU on OS X
      • Bug 1517: Reduce precision of time for Javascript
      • Bug 13670: Ensure OCSP requests respect URL bar domain isolation
      • Bug 13875: Improve the spoofing of window.devicePixelRatio
    • Windows
      • Bug 15872: Fix meek pluggable transport startup issue with Windows 7
    • Build System
      • Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
      • Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds

    Continue reading...
     
    Wild Trapper likes this.
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7