A new hardened Tor Browser release is available. It can be found in the 6.0a3-hardened distribution directory and on the download page for hardened builds. This release features important security updates to Firefox. This release bumps the versions of several of our components, e.g.: Firefox to 38.7.0esr, Tor to 0.2.8.1-alpha, OpenSSL to 1.0.1s, NoScript to 2.9.0.4 and HTTPS-Everywhere to 5.1.4. Additionally, we fixed long-standing bugs in our Tor circuit display and window resizing code, and improved the usability of our font fingerprinting defense further. Note: There is no incremental update from 6.0a2-hardened available due to bug 17858. The internal updater should work, though, doing a complete update. Here is the complete changelog since 6.0a2-hardened: Tor Browser 6.0a3-hardened -- March 8 All Platforms Update Firefox to 38.7.0esr Update Tor to 0.2.8.1-alpha Update OpenSSL to 1.0.1s Update NoScript to 2.9.0.4 Update HTTPS Everywhere to 5.1.4 Update Torbutton to 1.9.5.1 Bug 16990: Don't mishandle multiline commands Bug 18144: about:tor update arrow position is wrong Bug 16725: Allow resizing with non-default homepage Bug 16917: Allow users to more easily set a non-tor SSH proxy Translation updates Bug 18030: Isolate favicon requests on Page Info dialog Bug 18297: Use separate Noto JP,KR,SC,TC fonts Bug 18170: Make sure the homepage is shown after an update as well Bug 16728: Add test cases for favicon isolation Windows Bug 18292: Disable staged updates on Windows Continue reading...
