1. The Topic of the Month for April 2017 is "Store what you use, use what you store." Please join the discussion on the Survival Topic of the Month forum.

TOR Tor Browser 6.0a5-hardened is released

Discussion in 'TOR | TAILS' started by survivalmonkey, Apr 28, 2016.

  1. survivalmonkey

    survivalmonkey Monkey+++

    A new hardened Tor Browser release is available. It can be found in the 6.0a5-hardened distribution directory and on the download page for hardened builds.

    This release features important security updates to Firefox.

    It contains a bunch of noteworthy changes. We switched the browser to Firefox ESR 45 and rebased our old patches/wrote new ones where necessary. We also ship a new Tor alpha version,, which makes meek usable again and contains a number of other improvements/stability fixes.

    Note: There is no incremental update from 6.0a3-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.

    Here is the complete changelog since 6.0a4-hardened:

    Tor Browser 6.0a5-hardened -- April 28 2016

    • All Platforms
      • Update Firefox to 45.1.0esr
      • Update Tor to
      • Update Torbutton to
        • Bug 18466: Make Torbutton compatible with Firefox ESR 45
        • Translation updates
      • Update Tor Launcher to
        • Bug 13252: Do not store data in the application bundle
        • Bug 10534: Don't advertise the help desk directly anymore
        • Translation updates
      • Update HTTPS-Everywhere to 5.1.6
      • Update NoScript to
      • Update meek to 0.22 (tag 0.22-18371-2)
        • Bug 18371: Symlinks are incompatible with Gatekeeper signing
      • Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
      • Bug 18900: Fix broken updater on Linux
      • Bug 18042: Disable SHA1 certificate support
      • Bug 18821: Disable libmdns support for desktop and mobile
      • Bug 18848: Disable additional welcome URL shown on first start
      • Bug 14970: Exempt our extensions from signing requirement
      • Bug 16328: Disable MediaDevices.enumerateDevices
      • Bug 16673: Disable HTTP Alternative-Services
      • Bug 17167: Disable Mozilla's tracking protection
      • Bug 18603: Disable performance-based WebGL fingerprinting option
      • Bug 18738: Disable Selfsupport and Unified Telemetry
      • Bug 18799: Disable Network Tickler
      • Bug 18800: Remove DNS lookup in lockfile code
      • Bug 18801: Disable dom.push preferences
      • Bug 18802: Remove the JS-based Flash VM (Shumway)
      • Bug 18863: Disable MozTCPSocket explicitly
      • Bug 15640: Place Canvas MediaStream behind site permission
      • Bug 16326: Verify cache isolation for Request and Fetch APIs
      • Bug 18741: Fix OCSP and favicon isolation for ESR 45
      • Bug 16998: Disable for now
      • Bug 17506: Reenable building hardened Tor Browser with startup cache
      • Bug 18898: Exempt the meek extension from the signing requirement as well
      • Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
      • Bug 18890: Test importScripts() for cache and network isolation
      • Bug 18726: Add new default obfs4 bridge (GreenBelt)
    • Build System
      • Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
      • Bug 18699: Stripping fails due to obsolete Browser/components directory
      • Bug 18698: Include libgconf2-dev for our Linux builds

    Continue reading...
survivalmonkey SSL seal        survivalmonkey.com warrant canary