A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory. Tor Browser 4.5.1 is based on Firefox ESR 31.7.0, which features important security updates to Firefox. The 4.5.1 release also addresses several regressions and usability issues discovered during the 4.5 release. The most notable change is that we have slightly relaxed the first party isolation privacy property, due to issues encountered on several file hosting sites as well as other sites that host content on multiple subdomains. Tor Circuit use and tracking identifiers are now all isolated to the base (top-level) domain only, as opposed to the full domain name. This change is also consistent with the browser URL bar - isolation is now performed based on the bold portion of the website address in the URL bar. We also have temporarily disabled the NoScript ClearClick clickjacking protection, as it was experiencing false positives due to changes in Tor Browser that cause errors in NoScript's evaluation of the content window. These issues were most commonly experienced with ReCaptcha captcha input, but occurred elsewhere as well. With this release, 4.0 users will now be updated automatically to the 4.5 series. Note to MacOS users: The update process for Mac OS 10.6 and 10.7 users will unfortunately not be automatic. You will be instructed to perform a manual download instead. Moreover, as of this release, 32 bit Macs are now officially unsupported. For more information, see the original end-of-life blog post. Here is the list of changes since 4.5: All Platforms Update Firefox to 31.7.0esr Update meek to 0.18 Update Tor Launcher to 0.2.7.5 Translation updates only Update Torbutton to 1.9.2.3 Bug 15837: Show descriptions if unchecking custom mode Bug 15927: Force update of the NoScript UI when changing security level Bug 15915: Hide circuit display if it is disabled. Translation updates Bug 15945: Disable NoScript's ClearClick protection for now Bug 15933: Isolate by base (top-level) domain name instead of FQDN Bug 15857: Fix file descriptor leak in updater that caused update failures Bug 15899: Fix errors with downloading and displaying PDFs Windows Bug 15872: Fix meek pluggable transport startup issue with Windows 7 Build System Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds Continue reading...
