New Release: Tor Browser 10.0.13 (Linux Only)
Tor Browser 10.0.13 for Linux is now available from the Tor Browser download page and also from our distribution directory.
This version fixes instability on some Linux distributions.
The full changelog since Tor Browser 10.0.12 is:
- Linux
- Bug 40328: Fix instability after upgrading to glibc 2.33
Comments
Please note that the comment area below has been archived.
Download URL is incorrect,…
Download URL is incorrect, needs the version path updating.
Which download URL?
Which download URL?
The download URL for what…
The download URL for what you posted, obviously? It's fixed now.
Okay, the post hasn't been…
Okay, the post hasn't been modified since it was posted.
The download URL on the…
The download URL on the download page has been fixed.
FWIW I was able to obtain…
FWIW I was able to obtain the detached sig and tarball via
https://decvnxytmk.oedi.net/download/
If there really was a wrong link on that page before that certainly would be a mistake to avoid repeating. But in general go Tor, keep up the good work! 8> 8>
I can't tell if my browser…
I can't tell if my browser updated. [Help] -> [About Tor Browser] has a [restart to update] button. Clicking it does restart the browser, but the browser returns with the 10.0.12 version and the button remains.
Did someone forget to bump the version number?
No, that means the update…
No, that means the update was not installed. Can you run Tor Browser with the '-v' argument on the command line? Are there any useful error messages?
Maybe you have overlooked…
Maybe you have overlooked that this is a Linux only release? At least I have.
Yes
Yes
Are you on GNU/Linux OS? As…
Are you on GNU/Linux OS? As written in the title, this update was for Linux only. If you aren't, then 10.0.12 is the most recent version for your OS.
Thank you, teams.
Thank you, Tor Project and cypherpunks.
Please add/Increase FireFox,…
Please add/Increase FireFox, Tor Browser SANDBOXING, ASLR, enhance the protections.
just use firejail
just use firejail
Well done!!
Well done!!
Good job.
Good job.
Thank you
Thank you
hi please change the…
hi
please change the homepage, it's not nice
and "resource://torbutton-assets/tor-survey-icon.svg" doesn't get open when javascript is disabled!
maybe for its format
and something else,when i change security level to safest yet in about:config javascript.enabled is True by default!
and even duckduckgo doesn't work ok, and i had to disable it every time with myself,
and, when js is disabled and i open a mp4 file directly ( i mean player doesn't work that is normal and i search in source code and find the file to open) it's doesn't work with noscript, noscript warning doesn't work anymore when a file opened directly, if it work i can download the file just with its address but it has some problems and doesn't work
i hope you get what i mean, just read it again and i'm sorry for (bad EN writing), thanks
exactly what this person…
exactly what this person said!
> "resource://torbutton…
> "resource://torbutton-assets/tor-survey-icon.svg" doesn't get open when javascript is disabled
Yes, that was reported on the blog in 10.0.12 but not on Gitlab yet.
https://vbdvexcmqi.oedi.net/comment/291208#comment-291208
If I understand correctly, the problem is that the safest security level sets the preference
svg.disabled
totrue
, and the icon image is an SVG file. One possible solution is for the developers to save the image as a PNG or JPG. They were able to make the image of the green computer on the black background for their donation campaign work without Javascript.> when i change security level to safest yet in about:config javascript.enabled is True by default
Yes, under the button to select safest mode, it tells you, "JavaScript is disabled by default on all sites." Read the notes under each level's button.
> duckduckgo doesn't work ok
Yes, the solution is to open NoScript's options and enable the "noscript" permission for duckduckgo.com. That is a new permission in NoScript. It has been fixed in Tor Browser and will be released in one of the next versions. In the meantime, either change to "safer" security level, or open https://html.duckduckgo.com/html/ , or temporarily enable NoScript's "noscript" permission for duckduckgo.com or its onion service.
> when js is disabled and i open a mp4 file directly ( i mean player doesn't work that is normal and i search in source code and find the file to open) it's doesn't work with noscript, noscript warning doesn't work anymore when a file opened directly
MP4 files are often not stored on the same host as the player's webpage. If you try to open https://.../video.mp4 , you have to allow
media
in NoScript for the mp4's hostname. On the player's webpage, you may need to allowmedia
for the player's hostname and the mp4's hostname.NoScript's icon is hidden because it can affect your anonymity if you reconfigure it. Experienced users can find its icon in the main menu --> Customize, and drag its icon to the toolbar. NoScript's options can be reset if you change your security level. Be careful if you configure NoScript.
> Yes, the solution is to…
> Yes, the solution is to open NoScript's options and enable the "noscript" permission for duckduckgo.com. That is a new permission in NoScript. It has been fixed in Tor Browser and will be released in one of the next versions. In the meantime, either change to "safer" security level, or open https://html.duckduckgo.com/html/ , or temporarily enable NoScript's "noscript" permission for duckduckgo.com or its onion service.
When I try to use duckduckgo.com onion via the menu bar in Tor Browser included with Tails 4.16 (current), as of today the server does not respond but in Onion Circuits I see a connection to r3.o.lencr.org which allegedly is the EFF cert site letsencrypt.org but which has been reported as hosting malware.
Any comment?
r3.o.lencr.org is used for…
r3.o.lencr.org is used for verifying a certificate was note revoked. It is run by Let's Encrypt. Malware use certificates from Let's Encrypt, so that may be why you are seeing the malware references.
> r3.o.lencr.org which…
> r3.o.lencr.org which allegedly is the EFF cert site letsencrypt.org
It isn't the site, but staff of Let's Encrypt stated that it is managed by them. It's their server for certificate revocation lists (CRL) and Online Certificate Status Protocol (OCSP).
https://community.letsencrypt.org/t/ocsp-uri-r3-o-lencr-org/145920
https://ssl-tools.net/webservers/r3.i.lencr.org
However, the certificates for DuckDuckGo.com and .onion are not issued by Let's Encrypt but by DigiCert. Running a DNS query on
r3.o.lencr.org
leads to random IPs allegedly owned by Akamai. Running a DNS query oncrl3.digicert.com
, seen in DuckDuckGo's certificate, leads to random IPs allegedly owned by Verizon, not Akamai. Therefore, I doubtr3.o.lencr.org
was from DuckDuckGo.You said you were using Tails, so it could have come from any application running in that OS because Tails redirects all external traffic through the Tor network. If it was from something in Tor Browser, it could have come from a host that DuckDuckGo's page accessed in the background (right-click --> Inspect Element --> Network tab --> refresh the page and watch) or from update checks by HTTPS-Everywhere or NoScript or Tor Browser itself.
> "resource://torbutton…
> "resource://torbutton-assets/tor-survey-icon.svg" doesn't get open when javascript is disabled
> Yes, that was reported on the blog in 10.0.12 but not on Gitlab yet.
It's on GitLab now: tpo/applications/tor-browser#40370 "Repair survey icon on Safest security level"
Duckduckgo, redirected in…
Duckduckgo, redirected in the past to an noscript, no .js page, if there was no java scripting possible . I am not sure but I believe they changed their search engine.
Viva Tor
Viva Tor
The latest version of…
The latest version of NoScript is overwhelming my 4 cores! Please, do something!
https://teddit.net/r/TOR…
https://teddit.net/r/TOR/comments/lmrdk6/tor_browser_safest_security_an…
Please take a look at this bug.
this has been reported a…
this has been reported a whle back (read the entire post), and the fix will probably be released in the next version.
ddg is out when javascrip…
ddg is out when javascrip disable
Please could every one check…
Please could every one check if you have "https Everywhere" extension, mine is gone with the new version 10.0.13.
I only have "NoScript" extension now :(
What difference are you…
What difference are you seeing now?
Hi, I do not see visible…
Hi, I do not see visible differences, I just cannot find "https Everywhere" anywhere in the (Add-ons Manager),
do you still have it with the Tor Browser ?, or do I need to re-install my own version?
It is now built-in to the…
It is now built-in to the browser and cannot be uninstalled. This change was included in Tor Browser 10.0 (released last September).
That is a good thing---…
That is a good thing--- unless the hard-coded version has been messed with by some hostile actor. I am alarmed that r3.o.lencr.org seems to be a cross-site-scripting site, not the actual site operated by eff.org which is letsencrypt.org.
Are you sure the icon isn't…
Are you sure its icon isn't simply hidden? Did you look in the main menu --> Add-ons --> Extensions? Did you look in the main menu --> Customize? Mine is here.
Thank you, it is in …
Thank you, it is in "Customize" indeed so i can make it visible in the Menu Bar, but i cannot find it in Add-ons.
Perhaps something went wrong while I was updating the browser, I will try to re-install it and see if it appears again.
Because this 10.0.13 version…
Because this 10.0.13 version is only for Linux, automatic updating is completely broken on Mac currently. I have a Mac stuck on 10.0.5 and another stuck on 10.0.10. In Browser Console it is apparent that update-check gets 404 error trying to fetch non-existent 10.0.13-osx64-en-US.xml from Tor update server, but Firefox stupidly tells user browser is up to date. Anyway it seems Tor Project messed up in how to do a Linux-only release.
First of all, hi, and thanks…
First of all, hi, and thanks a lot for everything, really
some questions:
1. could bookmarked pages get used as a cookie-like thing for tracking?
2. in library menu, there is a option to restore past bookmarked pages, its wondering me 'cause tor browser should not store any information about past uses, but it does! why? this could be a problem in a public computer, when many persons want to use same account
thanks again.
Hello. Yes, bookmarks could…
Hello. Yes, bookmarks could be used as a tracker if the page you bookmark is somehow unique/special to you. As for restoring previously bookmarked pages, are you sure that's an option? You can restore previously closed tabs, but I don't see an option for restoring past bookmarks.