TOR Tor Browser 5.5a5-hardened is released

Discussion in 'TOR | TAILS' started by survivalmonkey, Dec 18, 2015.


Tags:
  1. survivalmonkey

    survivalmonkey Monkey+++

    We are pleased to announce the second release in our hardened Tor Browser series. The download can be found in the 5.5a5-hardened distribution directory and on the download page for hardened builds.

    This release features important security updates to Firefox.

    Additionally, we included updated versions for Tor (0.2.7.6), OpenSSL (1.0.1q) and NoScript (2.7). Moreover, we fixed an annoying bug in our circuit display (circuits weren't visible sometimes), isolated SharedWorkers to the first-party domain and improved our font fingerprinting defense.

    On the usability side we improved the about:tor experience and started to use the bundled changelog to display new features and bug fixes after an update (instead of loading the blog post into a new tab). We'd love to hear feedback about both.

    On the hardening side we are compiling Firefox with -fwrapv now. This is mitigating possible issues with some types of undefined behavior in Mozilla's code.

    Tor Browser 5.5a5-hardened comes with a banner supporting our donations campaign. The banner is visible on the about:tor page and features either Roger Dingledine, Laura Poitras or Cory Doctorow which is chosen randomly.

    Note: There are no incremental updates from 5.5a4-hardened available this time due to a bug we detected while building. The internal updater should work, though, doing a complete update.

    Here is the complete changelog since 5.5a4-hardened:

    • Update Firefox to 38.5.0esr
    • Update Tor to 0.2.7.6
    • Update OpenSSL to 1.0.1q
    • Update NoScript to 2.7
    • Update Torbutton to 1.9.4.2
      • Bug 16940: After update, load local change notes
      • Bug 16990: Avoid matching '250 ' to the end of node name
      • Bug 17565: Tor fundraising campaign donation banner
      • Bug 17770: Fix alignments on donation banner
      • Bug 17792: Include donation banner in some non en-US Tor Browsers
      • Bug 17108: Polish about:tor appearance
      • Bug 17568: Clean up tor-control-port.js
      • Translation updates
    • Update Tor Launcher to 0.2.8.1
      • Bug 17344: Enumerate available language packs for language prompt
      • Code clean-up
      • Translation updates
    • Bug 12516: Compile Tor Browser with -fwrapv
    • Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875)
    • Bug 15564: Isolate SharedWorkers by first-party domain
    • Bug 16940: After update, load local change notes
    • Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313)
    • Bug 17747: Add ndnop3 as new default obfs4 bridge
    • Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of #15646)
    • Bug 17369: Disable RC4 fallback
    • Bug 17442: Remove custom updater certificate pinning
    • Bug 16863: Avoid confusing error when loop.enabled is false
    • Bug 17502: Add a preference for hiding "Open with" on download dialog
    • Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
    • Bug 16441: Suppress "Reset Tor Browser" prompt

    Continue reading...
     
  1. survivalmonkey
  2. survivalmonkey
  3. survivalmonkey
  4. survivalmonkey
  5. survivalmonkey
  6. survivalmonkey
  7. survivalmonkey
  8. survivalmonkey
  9. Witch Doctor 01
  10. 10brokenpromises
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7