A new hardened Tor Browser release is available. It can be found in the 6.5a3-hardened distribution directory and on the download page for hardened builds. This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible. In addition to the changes from Tor Browser 6.5a3, the creation of incremental MARs for hardened builds is now fixed. Note: Due to bug 20185 Tor Browser will not work correctly if the path where it is installed is too long. As a workaround you may need to move it to a directory with a shorter path. All Platforms Update Firefox to 45.4.0esr Update Tor to 0.2.9.2-alpha Update OpenSSL to 1.0.2h (bug 20095) Update Torbutton to 1.9.6.4 Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git Bug 17767: Make "JavaScript disabled" more visible in Security Slider Bug 19995: Clear site security settings during New Identity Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times Bug 19837: Whitelist internal URLs that Firefox requires for media Bug 15852: Remove/synchronize Torbutton SOCKS pref logic Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6 Bug 14271: Make Torbutton work with Unix Domain Socket option Translation updates Update Tor Launcher to 0.2.11 Bug 14272: Make Tor Launcher work with Unix Domain Socket option Bug 19568: Set CurProcD for Thunderbird/Instantbird Bug 19432: Remove special handling for Instantbird/Thunderbird Translation updates Update HTTPS-Everywhere to 5.2.4 Update NoScript to 2.9.0.14 Bug 19851: Fix ASan error by upgrading GCC to 5.4.0 Bug 17858: Fix creation of incremental MARs for hardened builds Bug 14273: Backport patches for Unix Domain Socket support Bug 19890: Disable installation of system addons Bug 17334: Spoof referrer when leaving a .onion domain Bug 20092: Rotate ports for default obfs4 bridges Bug 20040: Add update support for unpacked HTTPS Everywhere Bug 20118: Don't unpack HTTPS Everywhere anymore Bug 19336 rel="nofollow">+19835: Enhance about:tbupdate page Build system All platforms Bug 20133: Don't apply OpenSSL patch anymore Bug 19528: Set MOZ_BUILD_DATE based on Firefox version Continue reading...
