Tor Browser 5.5a6 is released

by gk | January 7, 2016

A new alpha Tor Browser release is available for download in the 5.5a6 distribution directory and on the alpha download page.

This release features an important fix for a crash bug in one of our patches. All users are encouraged to update immediately as this bug is probably exploitable if JavaScript is enabled. The bug was not exploitable at High security level, or on non-HTTPS websites at Medium-High security level.

In the past, signing Windows .exe files on a Linux machine caused verification errors on some Windows 10 systems. This should be fixed by adding the intermediate certificate in the signing process now.

Here is the complete changelog since 5.5a5:

  • All Platforms
    • Update NoScript to 2.9
    • Update HTTPS Everywhere to 5.1.2
    • Bug 17931: Tor Browser crashes in LogMessageToConsole()
    • Bug 17875: Discourage editing of torrc-defaults
    • Bug 17870: Add intermediate certificate for authenticode signing

Comments

Please note that the comment area below has been archived.

Anonymous (not verified) said:

January 08, 2016

Permalink

During an attempt to update to 5.5a6, my Firewall-suite isolated the updater and flagged it as an unrecognized executable. After restarting the browser, about:tor was not present, but a changelog appeared as the start screen, however there were no change log entries shown; just a blank page. Did my TB not fully update to 5.5a6? I'm confused because about:tor indicates that I'm using 5.5a6 & when I check for updates under the green onion icon, the Software Update window indicates that there are no updates available.

Anonymous (not verified) said:

January 10, 2016

Permalink

Hmm; Well I'm concerned that my firewall/defense-suite didn't allow the updater to actually update, rather than a disabled JS preventing the changelog from appearing like ticket #17917.Is there a way for me to revert back to the previous alpha release, and then back to 5.5a6? Or find out whether #17931 was patched? Thanks gk, I just want to be sure that I'm not opening myself up to a potential JS exploit. I have to constantly enable it because of CL0uDFL@RE requiring it everywhere.

Anonymous (not verified) said:

January 11, 2016

Permalink

Hi all, as per my understanding, the TOR protocol protects network traffic through the TOR network. However, what happens if the hacker is spying through the user's computer such as through a malicious program? I know that there are certain techniques such as sandboxing which may help isolate the tbb from other say malicious app? (ref #7008). is that already implemented in the latest release?

Anonymous (not verified) said:

January 15, 2016

Permalink

gk, text 32/64-bit under MS Win on the download page means combined TB bundle instead of version of OS. Please, correct.

Anonymous (not verified) said:

January 26, 2016

Permalink

I use this version ( 5.5.6a ) and the normal version ( 5.0.7 ).
After two weeks I noticed that the first ip address, after "this browser" in the onion menu ( tor circuit for this site ) changed and now is the same for both version of Tor browsers. So the normal version and the alpha one have the same ip address.

Is that ip address Tor Entry Guards? ( I suppose yes )
Why I have that same ip on different versions of Tor Browser?
Could you please take a look at this ip address if it could be suspicious?
Could a suspicious Entry Guard try to get connected through a suspicious Exit Node?

I think I'm targeted but I not sure, I'm a "normal" user.

Could you tell me the best/official way to reset/change Tor Entry Guard?
Could you tell me the best/official way to run multiple istances of Tor Browser?

The suspicious ip address is: 124.6.36.230

Cheers by,
A Person Like You