1. The Topic of the Month for October is "Make this the Perfect Bugout Location". Please join the discussion in the TOTM forum.

TOR Tor Browser 5.0a3 is released

Discussion in 'TOR | TAILS' started by survivalmonkey, Jul 6, 2015.

  1. survivalmonkey

    survivalmonkey Monkey+++

    The Tor Browser Team is proud to announce the first alpha released based on Firefox 38 ESR.

    As such, this release features many updates to Firefox (including several security updates), as well as to our build system and dependencies. For this release, we performed a thorough network and feature review of Firefox 38, and fixed the most pressing privacy issues, as well as all Tor proxy safety issues that we discovered during the audit.

    We also updated our toolchain on OS X to use the OS X 10.7 SDK. For Linux and Windows we switched to GCC 5.1 as our new (cross)-compiler. We are therefore especially interested in feedback if there are stability issues or broken Tor Browser bundles due to these toolchain upgrades.

    Besides Firefox 38 and build system changes, we also updated several components. Most notably, we bumped OpenSSL to version 1.0.1o, NoScript to version and Torbutton to version Included as well is a backported Tor patch to improve usability on websites, and we fixed a crash bug impacting users with the security slider level set to "High".

    Here is the complete changelog since 5.0a2

    • All Platforms
      • Update Firefox to 38.1.0esr
      • Update OpenSSL to 1.0.1o
      • Update NoScript to
      • Update meek to 0.20
      • Update Torbutton to
        • Bug 16403: Set search parameters for Disconnect
        • Bug 14429: Make sure the automatic resizing is enabled
        • Bug 16427: Use internal update URL to block updates (instead of

        • Bug 16200: Update Cache API usage and prefs for FF38
        • Bug 16357: Use Mozilla API to wipe permissions db
        • Translation updates
      • Update Tor Launcher to
        • Bug 16428: Use internal update URL to block updates (instead of

        • Bug 15145: Visually distinguish "proxy" and "bridge" screens.
        • Translation updates
      • Bug 16430: Allow DNS names with _ characters in them (fixes
        nytimes.com) (Tor patch backport)
      • Bug 13247: Fix meek profile error after bowser restarts
      • Bug 16397: Fix crash related to disabling SVG
      • Bug 16403: Set search parameters for Disconnect
      • Bug 16446: Update FTE bridge #1 fingerprint
      • Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent
      • Bug 16005: Relax WebGL minimal mode
      • Bug 16300: Isolate Broadcast Channels to first party
      • Bug 16439: Remove Roku screencasting code
      • Bug 16285: Disabling EME bits
      • Bug 16206: Enforce certificate pinning
      • Bug 13670: Isolate OCSP requests by first party domain
      • Bug 16448: Isolate favicon requests by first party
      • Bug 7561: Disable FTP request caching
      • Bug 6503: Fix single-word URL bar searching
      • Bug 15526: ES6 page crashes Tor Browser
      • Bug 16254: Disable GeoIP-based search results
      • Bug 16222: Disable WebIDE to prevent remote debugging and addon
      • Bug 13024: Disable DOM Resource Timing API
      • Bug 16340: Disable User Timing API
      • Bug 14952: Disable HTTP/2
    • Mac OS
      • Use OSX 10.7 SDK
      • Bug 16253: Tor Browser menu on OS X is broken with ESR 38
    • Build System
      • Bug 16351: Upgrade our toolchain to use GCC 5.1
      • Bug 15772 and child tickets: Update build system for Firefox 38

    Continue reading...
    Wild Trapper and Tobit like this.
survivalmonkey SSL seal        survivalmonkey.com warrant canary