New Tor Browser Bundles with Firefox 17.0.8esr
All of the Tor Browser Bundles have been updated with Firefox 17.0.8esr which includes critical security fixes. All users are strongly encouraged to upgrade. To read more about which kinds of fixes are in this version of Firefox, please click here. This link is also included in the changelogs and we will continue to add it in the future versions of Tor Browser Bundle as well so that users can always be aware of major issues.
https://decvnxytmk.oedi.net/download/download-easy.html.en
https://decvnxytmk.oedi.net/projects/torbrowser.html.en#downloads
Tor Browser Bundle (2.3.25-11)
- Update Firefox to 17.0.8esr
- Update HTTPS Everywhere to 3.3.1
- Update NoScript to 2.6.7
- Update LibPNG to 1.6.3
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
Tor Browser Bundle (2.4.15-beta-2)
- Update Firefox to 17.0.8esr
- HTTPS Everywhere to 4.0development.9
- Update PDF.js to 0.8.298
- Update NoScript to 2.6.6.9
- Update LibPNG to 1.6.3
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
Comments
Please note that the comment area below has been archived.
Nice. An auto update feature.
Nice. An auto update feature.
See https://trac.torproject.o
See
https://trac.torproject.org/projects/tor/wiki/org/meetings/2013SummerDe…
as well as
https://lists.torproject.org/pipermail/tor-dev/2013-August/005228.html
for recent discussions of auto update. (We want to be sure to get it right before trying it.)
Your updates for Mac have
Your updates for Mac have not worked for several months because they're asking for a nonexistent Firefox settings file. It's possible that Macs with Firefox already installed have this file, but that's not the way Tor used to work.
Exciting. Do the TBB 3.0
Exciting. Do the TBB 3.0 alphas have this problem too?
https://vbdvexcmqi.oedi.net/category/tags/tbb-30
If so, we should be sure to fix it there. If not, we can look forward to the problem being resolved when we switch to 3.0.
Hey, thanks for letting us
Hey, thanks for letting us know -- this sounds like a new-to-us bug. Which version of OSX are you using? Do you know the name of the settings file it wants? Which was the last version of TBB that worked for you?
In this latest TBB the
In this latest TBB the Torbutton plugin incorrectly indicates that it is not up to date.
I think your problem was
I think your problem was that you tried it too soon after release, and the https://check.torproject.org/RecommendedTBBVersions file didn't have this new version in it yet?
Why doesn't
Why doesn't check.torproject.org indicate 17.0.7 users that there is an update? Isn't that the whole purpose of that site?
When your TBB starts, it
When your TBB starts, it will fetch the list of recommended versions from
https://check.torproject.org/RecommendedTBBVersions
and compare its version to the list. Then it will point you at the "there's a security update available" page if its version is not in the list.
Or said more simply, "It works for me. Are you sure you tried recently enough?"
I have tried and get the
I have tried and get the same response. Running 17.0.7 and the message "Torbrowser is up to date". I am on Mac OSX.
Is it just me, or there is
Is it just me, or there is no link for beta version? I have been looking around in the archive.torproject but I can only find 2.3 regular and the alpha versions.
I want to download beta, can someone please help with the link?
Also, why is beta version, well, beta? I have been using it and it works like a charm! Also, https everywhere is more updated ;)
1 question why is noscript actually more updated in regular than beta?
I would like more ducmentation on the differences between regular stable, beta and alpha.
For now, I only really need the link.
THANKS
https://decvnxytmk.oedi.net/pr
https://decvnxytmk.oedi.net/projects/torbrowser.html.en#downloads
(Oh hey, the torbrowser page has a new format! Yay.)
I've also added the link to the main blog post. Thanks.
Here you have latest stable
Here you have latest stable versions + beta:
https://decvnxytmk.oedi.net/dist/torbrowser/
And here are alpha versions (latest 3.0a3):
https://archive.torproject.org/tor-package-archive/torbrowser/
Tor develeopers - you are
Tor develeopers - you are doing great job. Tor user - but remember, trust no one. If you are new here and never change config in about:config - beware. Before you can safely use tor network you must disable a lot of options in Firefox. If you aware of seeing gore images, etc, disable images, disable http referrer, disable external fonts, forbid all embeddings in noscript, disable cookies, disable safebrowsing, disable cache. Then check ip-check.info. You are not on target by gov agencies but you're suspect because using anonumous network. If you're using it you have something to hide it, right? Well... that they think. Read and learn.
It's also advised not to use
It's also advised not to use anything on a closed-source operating system such as Windows and Mac OSX.
Could you please give me a
Could you please give me a step by step , to set up the most secure way browsing,
with mountain lion thnks
no one does trust the TOR
no one does trust the TOR Project and FBI informer Mike Perry. Why do you think they switched java on and noscript off before the FBI injected malicious scripts to various FH sites? The TOR Project do not realise who is being paid to make alterations in this way.....take a look at each other as I know who is. What about the serial numbers embedded and being cross referenced against the download IP? The scripts you run to get a user ID to cross reference???
Need I say more about the way TOR has been ruined by greedy people involved.
Who wants to see a full list of named people and who is being paid, also who offered info for sale and who the FBI Informants are?
How about a recording of the meeting in which the TOR browser bundle was arranged for the FBI. Can I upload audio here?
The Tor Project people can NOT be trusted. You are being tracked every time you use TOR.
Ha. I invite your
Ha.
I invite your tinfoilhattedness to read https://vbdvexcmqi.oedi.net/blog/deterministic-builds-part-one-cyberwar…
HI Anonymous, actually
HI Anonymous, actually altering the default settings of TBB can put you in a reduced anonymity set. A good way of seeing this is if you visit panopticlick.eff.org
I have complained about this
I have complained about this before, but since the problem persists I post the previous message one more time here:
My Linux Live CD still uses gtk+ 2.16.5 which is the reason why none of the TBBs after 2.3.25-2 have worked for me. Vidalia and Tor start up and connect to the Tor network but Firefox won't start ...
> libxul.so: undefined symbol: gtk_widget_set_can_focus
... and I'm wondering why? Shouldn't TBB work in the greatest possible number of environments? I can see no good reason why you are using a version of gtk+ that leaves some of your users behind. Firefox 17.0.8esr works perfectly on my computer. If Mozilla can do it, why can't the Tor-Project? Others have complained about the same issue and apparently there's a ticket in the bug-tracker but nothing has happened over the past 7 months.
I think the Tor-Project should be using a well specified, standardized and dedicated build-box to produce its browser bundles so that the outcome no longer depends on who happens to run the build procedure. It would also be a good idea to publish minimum requirements along with the change log for each new TBB.
I agree on all counts. Can
I agree on all counts. Can you try the TBB 3.0alpha and see if it works for you? If not, you should (help us) work on a patch to fix that.
I want to leave TBB 2.x (and its build process) behind as soon as we can.
I did try the latest TBB
I did try the latest TBB 3.0alpha, but had no luck with it either.
I'm the one who has posted the error message ...
> ./start-tor-browser: line 119: getconf: not found
> ./start-tor-browser: line 120: file: not found
> Wrong architecture? 32-bit vs. 64-bit.
... in the "3.0alpha3 Released" thread. Have a look. I've just
posted a short reply to your question regarding my
hardware platform.
Package version set
Package version set incorrectly for 32-bit and 64-bit Mac TBB 2.3.25-11
The 32-bit Mac (TorBrowser-2.3.25-11-osx-i386-en-US.zip) and 64-bit Mac (TorBrowser-2.3.25-11-osx-x86_64-en-US.zip) versions of TBB appear to have their package version number set incorrectly.
Unziping and doing a Finder Get Info on TorBrowser_en-US.app in 32-bit Mac TBB reveals:
Similarly, 64-bit Mac TBB 2.3.25-11 reveals:
Note that for both the Finder reports 2.3.25-10, not 2.3.25-11. However, the FireFox version reported by the browser included in both is 17.0.8, so Mac TBB 2.3.25-11 doesn't actually contain 2.3.25-10.
I've just opened
I've just opened https://trac.torproject.org/projects/tor/ticket/9435
Please keep an eye on it and help us make sure we fix it correctly.
Thanks!
in russian bundle
in russian bundle tor-browser-2.3.25-11_ru.exe language pack not availible
please fix it
Looks like the language
Looks like the language packs are missing for all languages. We've filed a ticket:
https://trac.torproject.org/projects/tor/ticket/9436
Please help us keep track of it and make sure it gets fixed. Thanks!
I have a suggestion. Could
I have a suggestion.
Could Tor developers/staff move all discussions on this website to http://torforum.org which I believe is the forum for Tor users.
Posting comments here make the website very untidy. It also looks very disorganized. I always thought IT and software programmers to be people with good organizational skills.
Just have a look at the number of posts to the article "Tor security advisory: Old Tor Browser Bundles vulnerable". At the time of writing, there are 633 posts. Non-IT users like me have a hard time trying to sift out information that is useful to me.
I answered you over
I answered you over here:
https://vbdvexcmqi.oedi.net/blog/tails-020-out#comment-33419
In short, "yes but there is no forum, and that one isn't the forum either."
Hi arma, the search box of
Hi arma, the search box of this blog seems not working and tells me
"You must include at least one positive keyword with 3 characters or more."
even if I'm searching longer words. I'm not sure about "positive keyword" meaning maybe I'm doing it wrong.
Yeah, it looks like the
Yeah, it looks like the search feature on the blog is broken. Sorry. Try a search engine. :)
Glad to see I wasn't the
Glad to see I wasn't the only one!
Thanks for posting.
!!!ERROR!!! The NoScript
!!!ERROR!!!
The NoScript version in alpha is 2.6.7 and NoScript version in stable is 2.6.6.9
Alpha is supposed to be
Alpha is supposed to be later than stable.
And "7" is later than "6". (The digit immediately following the 2nd dot in each case).
What is your issue?
Actually, I think they were
Actually, I think they were supposed to be the same version. Should be fixed in the next release. Please let us know if not.
Why have you removed Vidalia
Why have you removed Vidalia bundle ?
Because we don't have enough
Because we don't have enough build engineers, and also we have no maintainer for Vidalia.
Hello. I have been having
Hello.
I have been having this error since TBB 2.3.25-8:
TBB unpacks correctly and the Vidalia shows that apparently I am connected to TOR. The problem is when FF loads.
Tor Button shows as disabled and you're unable to navigate the TOR network, the same happens if I try any clearnet address.
I've been using 2.3.25-8 for months.. Now I just tried the new release and the problem persist.
I'm running old Win XP Pro no system updates for over 1 year.
I have Encryption installed (T. C.) and running a system based firewall known as Zone Alarm Pro(an old release).
Any suggestions on how to solve this problem without having to do a clean reinstall or having to update to Win7/8?
Thanks!!
Try TBB 3.x? Or try Linux. :)
Try TBB 3.x?
Or try Linux. :)
the latest tbb is broken
the latest tbb is broken (tor-browser-2.3.25-11_en-US.exe). or no-script is, one of the two. its only giving me the option to temporarily allow all on this page or allow scripts globally. theres no option for allowing individual pages.
Anonymous, have you tried
Anonymous, have you tried Options -> Appearance? There you should be able to tweak the contextual menu.
I use the newest TBB and
I use the newest TBB and cannot set my preferred lanuages for displaying internet pages. That is, I can set them but FF doesn't remember my preferences. I'm sure the older version I used before did this. I am aware that changing my language preferences to anything other than US-English makes me less anonymous, but I would like to decide that for myself and not make FF decide that for me.
See
See https://trac.torproject.org/projects/tor/ticket/9436
Should be fixed in the next release.
Thanks for your answer, but
Thanks for your answer, but I think the ticket #9436 deals with the language pack, i.e. the language that is used for the menu etc. What I mean is the preferred language to display internet pages in. You can set that under Edit -> Preferences -> Content. Some pages are available in several languages, and by this setting you can make the page show in the language you prefer. Those are two different things: Language pack for the browser environment, preferred language for the content, and they don't necessarily have to be the same.
I can set my preferred language(s), but on the next browser start the settings are gone.
Let us know if the upcoming
Let us know if the upcoming release is still broken.
I just downloaded the latest
I just downloaded the latest version (ending on .12), and yes, it's still an issue. It's a little better now, because the German language pack is now included correctly, thus the "preferred website languages" include German by default. But if I add a language manually - say, Dutch, because I'd rather read a site in Dutch than in English if it is available in that language, the Tor Browser still doesn't remember that setting. In the about:config section it is the parameter "intl.accept_languages".
I do realize that I make myself a lot less anonymous by adding unusual languages in that section, but I would still like to do it an have my settings remembered.
All the same, I want to say a big Thank You for all the hard work you folks put in on our behalf. It is much appreciated!
In Tor FAQ one can read,
In Tor FAQ one can read, that JavaScript should be allowed by default:
https://decvnxytmk.oedi.net/docs/faq.html.en#TBBJavaScriptEnabled
Jacob Appelbaum commends to disable JavaScript:
https://twitter.com/ioerror/status/364171837434904576
What is right?
I updated the FAQ entry to
I updated the FAQ entry to explain things more.
when i download Tor bundle,
when i download Tor bundle, i have the same 17.0.7 version again. WHY?
Are you downloading it
Are you downloading it wrong? Or looking at the wrong file afterwards?
"Works for me"
blabla...and where i have to
blabla...and where i have to download the latest version?
When ever i go to extract
When ever i go to extract the zip folder it says - Can not open file "...Downloads\tor-browser-2.3.25-11_en-US.exe" as archive -
Download page has version
Download page has version Version 2.3.25-12. Is this correct?
Yes, it is correct.
Yes, it is correct.
Hi, I recently downloaded
Hi, I recently downloaded Tor and attempted my first update last week. But I do not know if I did it correctly. If I have done it correctly, why does Tor keep indicating that an update is available when I open it? Thank you.
I don't know. Maybe you
I don't know. Maybe you didn't do the update correctly?
YESTERDAY'S (EMERGENCY)
YESTERDAY'S (EMERGENCY) UPDATE NOT STABLE
17.0.8 bundle installed August 13 seems to have problem with memory usage under Windows 7 Enterprise SP1 (all updates). Previous version was fine
Task manager shows an increasing memory allocation until reaching around 750MB at which point the browser crashes and windows closes it. This isn't happening with Firefox ESR. My TB install has no plugins or addins other than those supplied with it.
Even with numerous tabs, ordinary FF doesn't use a fraction of this memory or CPU resources.
You might find
You might find https://trac.torproject.org/projects/tor/ticket/9521 interesting.
i got this weird tor2web
i got this weird tor2web header that goes like this when going onto an onion website?
onion.to does not host this content; we are simply a conduit connecting Internet users to content hosted inside the Tor network.
onion.to does not provide any anonymity. You are strongly advised to download the Tor Browser Bundle and access this content over Tor.
Please send us your feedback and see our legal information.
This page is accessible also on the following random mirror: tor2web.blutmagie.de
hide Tor2web header
tried downloading the new version, updated on the 12th anyway, but yeah should i be worried or is this ok?
If you're using onion.to,
If you're using onion.to, you are not using Tor to reach a Tor hidden service. You're using a normal website on the normal Internet and asking it to reach the Tor hidden service for you.
Who is behind onion.to ?
Who is behind onion.to ?
Tyvm for all u do
Tyvm for all u do
latest version indicates all
latest version indicates all nodes have only been up a matter of hours? seems fishy?
I agree. I wonder what
I agree. I wonder what "latest version" is for you? And where you got it? And whether you checked the signature?
FYI, about update notice on
FYI, about update notice on check.torproject.org.
TBB has never shown the "There is a security update available for the Tor Browser Bundle." on first view. Only after closing then reopening TBB, or closing FF and stopping then starting tor, is the message shown.
FYI2 Closing FF in linux does not stop and close TBB as in windows. If this is by design that is fine.
Right -- TBB 2.0 only checks
Right -- TBB 2.0 only checks whether you need to upgrade at startup. TBB 3.0 does it periodically even while you're running.
And yes, TBB 2.0 does different things on Linux vs Windows when you close Tor Browser. That's a bug, but we have no developers for fixing it. Let's focus on TBB 3.0! :)
HI, can someone please
HI,
can someone please explain whether this version is safe from IGMP and ICMP attacks? That's the next big problem.
We can only answer if you
We can only answer if you explain clearly what the attacks are.
(I disagree that they're the next big problem.)
Hi, I havent been able to
Hi,
I havent been able to update Tor for a while, since I have a Mac OSX 10.5 and cannot update to the latest Firefox for a lack of system requirements. Is there any other way I can install an updated version of Tor?
Important Fact: I have ZERO programming skills. :/
http://en.wikipedia.org/wiki/
http://en.wikipedia.org/wiki/Mac_OS_X_Leopard
You are using an obsolete unsupported OS. And I don't just mean unsupported by Tor, I mean unsupported by anybody. It's full of security vulnerabilities that aren't fixed. You should get a better OS -- maybe that's a newer OS X, but Linux would be a fine choice too.
"but Linux would be a fine
"but Linux would be a fine choice too."
That's *GNU*/Linux (unless you meant to include Android)
galera, alguem fala
galera, alguem fala portugues ai?
me digam uma coisa, quando você coloca um endereço de web nomal no browser ele acessa como o internet explorer, minha pergunta é a seguinte, se eu entrer em um proxy anonimo online estando usando o tor fica ainda mais anonymo, tipo, eu ja estou anonimo e ele ainda mascara uma ultima vez o ip correto?
Sim! Se voce estiver no
Sim! Se voce estiver no gnu/linux, dá pra usar o proxychains para colocar outros proxys em corrente. Quando maior o número de intermediários randomizando a sua conexão final melhor. O defaut do Tor é fazer isso por 3 nós, mas você também pode configurá-lo para utilizar mais nós dentro da rede antes de sair.
Usar proxys tradicionais encadeados te garante que mesmo se o Tor for comprometido, alguém querendo te identificar precisaria ainda comprometer outra rede. Não é tarefa fácil. Mais simples é fazer engenharia social e esperar que você mesmo se entregue.
I recently read that tor was
I recently read that tor was compromised by the FBI, so is it still safe to use ? And whats up with tor mail ? I haven't been able to log on in nearly a month.
https://vbdvexcmqi.oedi.net/b
https://vbdvexcmqi.oedi.net/blog/tor-security-advisory-old-tor-browser-…
https://vbdvexcmqi.oedi.net/blog/hidden-services-current-events-and-fre…
Browser has no
Browser has no "Preferences"?
Or i'am blind?
I would like to include the
I would like to include the extension "Smart Referer" instead of RefControl. Is this ok or would I compromise my anonymity?
https://addons.mozilla.org/de/firefox/addon/smart-referer/
Hello there! I possibly will
Hello there! I possibly will have sworn I've been to this blog before excluding following browsing through some of the post I realized it's new to me. Anyhow, I'm certainly in high spirits I originate it and I'll live bookmarking and checking back frequently! look my website: #http://www.battlestrats.com/testforum/topic/12021-john-lewis-mens-barbo…
I installed tor according to
I installed tor according to the instructions for Ubuntu raring (13.04), which seemed to be successful; then downloaded and extracted the bundle as shown, with the only difference that I don't succeed to run the start-tor-browser file as executable. Any hints?
When trying to use the terminal to run it I get the error 'no such file' or similar.
So i think it's reliable way
So i think it's reliable way for us , i am not sure what the problem with my Firefox , but i know after install new version it's may be resolved. because after read above it's do same thing and get good results.
http://www.cdipress.com/
installed most recent
installed most recent windows update 2.3.25-12 and am still getting a yellow update signal. I am using Win8 64 bit (and yes I don't like it) I haven't had a problem before whenever I updated my Tor browser so I'm not sure what the problem is
What can be added to
What can be added to Traditional Chinese (zh-TW) version now?
So you're using Firefox 17,
So you're using Firefox 17, while Firfox is urging people to update to 23+?
Most of the inbetween fixes wer security fixes. How does that affect TOR browser bundles?
Firefox 17 is the
Firefox 17 is the ESR.
http://www.mozilla.org/en-US/firefox/organizations/