Tor Browser 5.0.3 is released

by gk | September 22, 2015

A new stable release for Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

We fixed a number of regressions from our switch to ESR 38 back in August and reduced keyboard layout fingerprinting to mention just some highlights.

These and all the other changes can be found in the complete changelog since 5.0.2:

  • All Platforms
    • Update Firefox to 38.3.0esr
    • Update Torbutton to 1.9.3.4
      • Bug 16887: Update intl.accept_languages value
      • Bug 15493: Update circuit display on new circuit info
      • Bug 16797: brandShorterName is missing from brand.properties
      • Bug 14429: Make sure the automatic resizing is disabled
      • Translation updates
    • Bug 7446: Tor Browser should not "fix up" .onion domains (or any domains)
    • Bug 16837: Disable Firefox Hotfix updates
    • Bug 16855: Allow blobs to be downloaded on first-party pages (fixes mega.nz)
    • Bug 16781: Allow saving pdf files in built-in pdf viewer
    • Bug 16842: Restore Media tab on Page information dialog
    • Bug 16727: Disable about:healthreport page
    • Bug 16783: Normalize NoScript default whitelist
    • Bug 16775: Fix preferences dialog with security slider set to "High"
    • Bug 13579: Update download progress bar automatically
    • Bug 15646: Reduce keyboard layout fingerprinting in KeyboardEvent
    • Bug 17046: Event.timeStamp should not reveal startup time
    • Bug 16872: Fix warnings when opening about:downloads
    • Bug 17097: Fix intermittent crashes when using the print dialog
  • Windows
    • Bug 16906: Fix Mingw-w64 compilation breakage
  • OS X
    • Bug 16910: Update copyright year in OS X bundles

Comments

Please note that the comment area below has been archived.

September 22, 2015

Permalink

Please help me, After My Tor Browser updated to 5.0.3 but my antivirus "Panda" deleted it. I lost all of my bridges and conditions.

Just started with TOR browser. Now that it's activated and protected, I want to use it privately, so that when another machine user is on (who can get in my identity) to check where I went online, needs to be deleted without a trace back. How do I ensure that I have cleared out any cookies or otherwise to identify which web sites I am on?
I know how to use programs but am not into code very well or IT stuff. Any clues how to clean out Tor's records of websites visited?

September 22, 2015

Permalink

I want to restore crashed sessions, and (better) be able to keep all open tabs when I close/open the Tor Browser.
Because of the lack of this things, I have using the old 3.5 version of TorBundle instead of new versions. Yes, this insecure, but I NEED TO KEEP the TABS session!

Hello, for that you should at least deactivate "Don't record browsing history or website data (enables Private Browsing Mode)" in your "Privacy and Security Settings".

September 22, 2015

Permalink

FIRST!
Oh wait this isn't YouTube
anyway, good update.
I've been waiting for GK to write this blog post
I knew there was Tor Browser 5.0.3 from Tails 1.6.0

September 23, 2015

Permalink

thanks

i would be great if Tor team make an application like :what's up ,Telegram and etc which works Anonymous

android applications are more practical and more effective.

Telegram is transfering their servers to iran

September 23, 2015

Permalink

Thank you very much for restoring sync!! It was a real pain to manually export and import bookmarks every day.

You're not going to get a consensus on what nodes to block, other than those nodes that tor blocks by itself. Not everyone has the same threat model and concerns you do.

September 23, 2015

Permalink

The Settings page now works as expected in High Security Mode. Thanks a lot for fixing this!

September 23, 2015

Permalink

When updating from within the Tor browser, rather than downloading again and comparing sig file, how safe is this from MMTM attack?

Pretty safe as the update files are signed with a key. Thus, assuming you meant a MITM attack, even if an attacker could be in the middle (which is not easy given we pin the certificate) they would still need to figure out how to get around the signature feature. Tor Browser won't accept update files with a wrong signature.

September 24, 2015

In reply to gk

Permalink

Thanks. Yes, I did mean MITM attack. This has cleared up my doubt on this issue. I use Gibson's site when downloading Tor afresh as another backup to check I'm actually contacting the actual Tor site:

https://www.grc.com/fingerprints.htm

I'd be interesting on any opinions on the usefulness of this.

September 26, 2015

In reply to gk

Permalink

Good question! I avoid attacks in this way:
1. Manually download corresponding .MAR file from Torproject.org distribution directory
2. Download and update Tor Browser with it's updater., But don't restart!
3. Compare checksums of downloaded MAR file with MAR file located in Tor Browser\Browser\TorBrowser\Data\Browser\Caches\Tor Browser\Browser\updates\0
4. If the checkums are exact, then the Browser is updated with the same MAR file that are distributed by Torproject. The MAR also is determenistic built, it means everyone with right tools and skills can recreate the exact file from source code.

September 23, 2015

Permalink

thanks for a great release! it is excellent to see how quickly the TBB team has 'caught up' with the firefox release cycle. auto-updating both firefox and TBB on the same day makes me happy.

September 23, 2015

Permalink

Last night it was no problem to use mail2tor. But today the link (.onion) doesn't work. Is there a problem? Although I updated the Tor Browser to 5.0.3. I don't think that should be a problem. Can anyone say something useful about this?

Mailt2Tor onion address doesn't work for me neither atm. Anyway this isn't torproject side, and you should contact Mail2Tor admins to get better info.

September 23, 2015

Permalink

Some porno sites are incompatible with Tor...why? Html 5? Flash? Help me!

September 24, 2015

Permalink

After upgrading to 5.0.3., i always get the same entry node (same ip), even if i restart tbb and/or computer. When i redownload and verify new tbb and launch it, i get a new entry node but then that one stays the same again, even if i relaunch it again.
Is this ok?

September 24, 2015

In reply to yawning

Permalink

Interesting about guards. I hadn't sufficiently taken the implications in myself.

A question: If the guard is being surveilled by the NSA, like Sebastian Hahn's is/was in Germany, what can the NSA actually learn as opposed to what they could learn if they ran the guard themselves?

September 24, 2015

Permalink

Meek runners like google have the history of working with NSA revealing by E.Snowden. If one connects to one of their server the IP maybe loged, it also logs how many times user uses their Meek every day, then can tell how you love Tor and how important your data is, why they don't send the logs to Chinese government if they want to earn more the Chinese money. Yes, government and runners work together, much easier to know you data.

recently, Meek is very easy to build the connection, that is never happen before, when the obfs3/4 isn't.

If the cloud provider(s) running the current meek entry points are adversaries in your model, don't use meek. I'm not sure what more there is to say about this. Yes it's bad that people are in bed with various governments? It is, but I don't know what people expect should happen here? Not offering meek?

September 25, 2015

Permalink

Sometimes, when pressing the Torbutton, the circuit view showing the three nodes isn't there. This also happened haphazardly in the previous versions. Is this a known issue? I couldn't find anything definitive on it.

September 30, 2015

In reply to gk

Permalink

It seems haphazard. My only guess is that it may be related to having a lot of tabs open, but can't say for certain as yet.

September 25, 2015

Permalink

After upgrading to Tor Browser 5.0.3, the tor button will not show the route of the network (those three green dots). Is this feature removed in 5.0.3?

September 25, 2015

Permalink

I'm using Windows. I downloaded TBB 5.0.3. After the update, two Https Everywhere addons appeared in the addons manager. This is the first time I can recall this ever happening. Do I just uninstall the oldest version? http://prntscr.com/8kc1bi

September 25, 2015

Permalink

This may have been mentioned previously, but on Win7 64bit, whenever TorBrowser is maximized it freezes the PC temporarily and occasionally causes aero to turn off. It seems rather than maximizing correctly, it creates a much larger, un-maximized version of itself, far larger than the actual screen (1080p).

September 25, 2015

Permalink

To clarify the maximized TorBrowser issue, this occurs only when setting the browser to display tabs from the previous session, and it's a 20+ tab session.

September 27, 2015

Permalink

download does not work at https://openload.co

{"status":403,"msg":"download ISP is different to request ISP. request: AS249xx download: AS161xx"}

in the last version of tor same problem

September 28, 2015

Permalink

hi,

i am unable to get tor-browser-linux64-5.0.3_en-US.tar.xz to work on openbsd.

can someone help me please?

September 29, 2015

In reply to gk

Permalink

This is #10763/#14942 in our bugtracker. So, there is no known fix for this issue available yet.

Hi gk:

Perhaps Tor developers would like to co-operate with the people who are porting Tor Browser Bundle to OpenBSD.

The latter's project is to be found at: https://github.com/torbsd/openbsd-ports

If you read the contents (of that web page) carefully, you won't want to use TBB offered (on that web page) because:

A. The version is 4.5.3 whereas the official TBB's version is 5.0.3
B. A warning that the TBB offered on that web page is experimental
C. It is not officially supported by The Tor Project

On a different note, I'm puzzled that the writer of the web page complained about This is because the Tor project chooses not to make source tarballs easily available for anything except tor itself (their gitian-based build process does not require them).

I wonder what Tor developers have to say about the writer's complaint.

September 28, 2015

Permalink

I am new on TOR and I am currently using version 5.0.3 TB and thank you for all the work already done.

What would be great:
- It would be to have a secure page translator and configured in TB ...
- It would be to have a secure, configured Meta search engine..

For cons, I'm surprised because I am an online browser security test site different and advice me to install a firewall for protection because a lot of ports are open !!!

The Windows firewall is not enough?

September 30, 2015

Permalink

Running 5.0.3 64bit on slackware it reports as 5.0.2 and "out of date" verified its sigs which report all good?

September 30, 2015

Permalink

Scrap that last, I just removed the dir and re extracted and its all good.
however, I never used to have to do this, just been extracting over exisiting has always worked till now!

Historically it hasn't always worked; Tor Browser's placement of files does change on occasion. While overwriting an old install does frequently work, Tor Browser isn't specifically designed to support it.

October 04, 2015

Permalink

Please make the version in the top right of the browser start page a link to these release notes. I end up having to search for them every time.

October 05, 2015

Permalink

@gk or other Tor developers

If a bridge was to change from a bridge to regular node, would Tor Browser know that it has changed and notify user (error message) or will users be still using it under the false impression that it is still a bridge?

October 05, 2015

Permalink

Is it possible to suddenly be on a non-Tor node? I periodically go to TorCheck at Xenobite.eu and was surprised to get the red message that my IP was not a Tor node. How is this possible? Error at TorCheck? Or can this happen? I immediately got a new identity, but I've never had that happen before and would appreciate hearing more. I have the IP address and the first three numbers coincide with a legitimate Tor node as shown at Tor Network Status but the forth number was outside of its range.

October 06, 2015

Permalink

Maybe a dumb question, but... where are the "cookies" now? How to I delete cookies that I don't want? What happened to the "cookie protection" that was available previously by clicking on the Onion icon?
Can anyone advise me? Thanks much!

October 11, 2015

Permalink

Hello
I want only inform you that both Tor Browser versions 5.0.2 and 5.0.3 have serious problems with websites like Facebook : no display picture, even no display page at all !
So, since these new releases, I continue to use Tor Broser version 4.0.
I'm on Macintosh Mac OS 10.7.5

October 11, 2015

Permalink

TorCheck at Xenobite.eu has three times this week told me I am not on Tor when I am, also disagreeing with the IP address shown by Torbutton, although in each case the IP address given by TorCheck is close to what Torbutton says but differing just slightly. Is there some new exploit we should know about, or is TorCheck getting flaky?

October 12, 2015

Permalink

Guys!
On windows I have 2different user! How can I setup and run 2 browser for each user?

October 14, 2015

Permalink

IP_check_info seems not to work, everytime it gives that horrible sign Warning: Your IP address is neither anonymized by JonDonym nor by Tor.
Start the test for details.. Each and every circuit...don't know why..

November 02, 2015

Permalink

Tor browser 5.0.3 Windows 8.1 error

Nov 02 22:17:25.424 [Error] getinfo_helper_dir(): Bug: control.c:1676: getinfo_helper_dir: Assertion md->body failed; aborting.

exit

Problem signature:
Problem Event Name: APPCRASH
Application Name: tor.exe
Application Version: 0.0.0.0
Application Timestamp: 51c7a86f
Fault Module Name: tor.exe
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 51c7a86f
Exception Code: 40000015
Exception Offset: 00047620
OS Version: 6.3.9600.2.0.0.256.48
Locale ID: 1033
Additional Information 1: 56b8
Additional Information 2: 56b8c5099db901aa6e03d7c4aeaeb9e8
Additional Information 3: 07f1
Additional Information 4: 07f1cf8fe22d7a34ccd35cc17b00ede8

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=280262

If the online privacy statement is not available, please read our privacy statement offline:
C:\WINDOWS\system32\en-US\erofflps.txt