A new hardened Tor Browser release is available. It can be found in the 6.5a4-hardened distribution directory and on the download page for hardened builds. This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.5-alpha, HTTPS-Everywhere to 5.2.7, and OpenSSL to 1.0.2j. This release includes numerous bug fixes and improvements. Most notably we improved our Unix domain socket support by resolving all the issues that showed up in the previous alpha and by making sure all connections to tor (not only the control port related ones) are using this feature now. Additionally, we fixed a lot of usability bugs, most notably those caused by our window resizing logic. We moved the relevant code out of Torbutton into a C++ patch which we hope to get upstreamed into Firefox. We improved the usability of our security slider as well by reducing the amount of security levels available and redesigning the custom mode. Finally, we added a donation banner shown in some localized bundles starting on Nov 23 in order to point to our end-of-the-year 2016 donation campaign. For those who want to know in which ways the alpha and the hardened series differ: check out the discussion we had on the tbb-dev mailing list a while back. Here is the full changelog since 6.5a3-hardened: All Platforms Update Firefox to 45.5.0esr Update Tor to tor-0.2.9.5-alpha Update OpenSSL to 1.0.2j Update Torbutton to 1.9.6.7 Bug 20414: Add donation banner on about:tor for 2016 campaign Bug 20111: Use Unix domain sockets for SOCKS port by default Bug 19459: Move resizing code to tor-browser.git Bug 20264: Change security slider to 3 options Bug 20347: Enhance security slider's custom mode Bug 20123: Disable remote jar on all security levels Bug 20244: Move privacy checkboxes to aboutreferences#privacy Bug 17546: Add tooltips to explain our privacy checkboxes Bug 17904: Allow security settings dialog to resize Bug 18093: Remove 'Restore Defaults' button Bug 20373: Prevent redundant dialogs opening Bug 20388+20399+20394: Code clean-up Translation updates Update Tor Launcher to 0.2.11.1 Bug 20111: Use Unix domain sockets for SOCKS port by default Bug 20185: Avoid using Unix domain socket paths that are too long Bug 20429: Do not open progress window if tor doesn't get started Bug 19646: Wrong location for meek browser profile on OS X Translation updates Update HTTPS-Everywhere to 5.2.7 Update meek to 0.25 Bug 19646: Wrong location for meek browser profile on OS X Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4 Bug 20304: Support spaces and other special characters for SOCKS socket Bug 20490: Fix assertion failure due to fix for bug 20304 Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch) Bug 20442: Backport fix for local path disclosure after drag and drop Bug 20160: Backport fix for broken MP3-playback Bug 20043: Isolate SharedWorker script requests to first party Bug 20123: Always block remote jar files Bug 20244: Move privacy checkboxes to aboutreferences#privacy Bug 19838: Add dgoulet's bridge and add another one commented out Bug 19481: Point the update URL to aus1.torproject.org Bug 20296: Rotate ports again for default obfs4 bridges Bug 20651: DuckDuckGo does not work with JavaScript disabled Bug 20399+15852: Code clean-up Bug 15953: Weird resizing dance on Tor Browser startup Build System All Platforms Bug 20023: Upgrade Go to 1.7.3 Bug 20583: Make the downloads.json file reproducible Continue reading...
