Tor Browser 6.5a3 is now available from the Tor Browser Project page and also from our distribution directory. This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible. This release bumps the versions of several of our components: Firefox to 45.4.0esr, Tor to 0.2.9.2-alpha and OpenSSL to 1.0.2h, HTTPS-Everywhere to 5.2.4, NoScript to 2.9.0.14. Additionally we are adding Unix Domain Socket support on Linux and OSX, the about:tbupdate page giving information about the update has been improved, the referrer spoofing for .onion domains has been moved from Torbutton to C++ patches. Note: Due to bug 20185 Tor Browser on Linux and OS X will not work correctly if the path where it is installed is too long. As a workaround you may need to move it to a directory with a shorter path. Here is the full changelog since 6.5a2: All Platforms Update Firefox to 45.4.0esr Update Tor to 0.2.9.2-alpha Update OpenSSL to 1.0.2h (bug 20095) Update Torbutton to 1.9.6.4 Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git Bug 17767: Make "JavaScript disabled" more visible in Security Slider Bug 19995: Clear site security settings during New Identity Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times Bug 19837: Whitelist internal URLs that Firefox requires for media Bug 15852: Remove/synchronize Torbutton SOCKS pref logic Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6 Bug 14271: Make Torbutton work with Unix Domain Socket option Translation updates Update Tor Launcher to 0.2.10.1 Bug 14272: Make Tor Launcher work with Unix Domain Socket option Bug 19568: Set CurProcD for Thunderbird/Instantbird Bug 19432: Remove special handling for Instantbird/Thunderbird Translation updates Update HTTPS-Everywhere to 5.2.4 Update NoScript to 2.9.0.14 Bug 14273: Backport patches for Unix Domain Socket support Bug 19890: Disable installation of system addons Bug 17334: Spoof referrer when leaving a .onion domain Bug 20092: Rotate ports for default obfs4 bridges Bug 20040: Add update support for unpacked HTTPS Everywhere Bug 20118: Don't unpack HTTPS Everywhere anymore Bug 19336+19835: Enhance about:tbupdate page Android Bug 19706: Store browser data in the app home directory Build system All platforms Bug 20133: Don't apply OpenSSL patch anymore Bug 19528: Set MOZ_BUILD_DATE based on Firefox version OS X Bug 19856: Make OS X builds reproducible again Bug 19410: Fix incremental updates by taking signatures into account Continue reading...
