Tor Browser 7.5.5 is released
Tor Browser 7.5.5 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
This release updates Firefox to 52.8.1esr. In addition, we had to remove the amazon-meek pluggable transport.
The full changelog since Tor Browser 7.5.4 is:
- All platforms
- Update Firefox to 52.8.1esr
- Bug 26098: Remove amazon-meek
Comments
Please note that the comment area below has been archived.
CVE-2018-6126: Heap buffer…
CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia
Another one hole in google's backdoor? Surprise, surprise...
Ого... (((
Ого... (((
thanks
thanks
thx. could you update the…
thx.
could you update the blog ('Tor Browser 7.5.5 is released' is not visible) pls ?
> we had to remove the…
> we had to remove the amazon-meek pluggable transport.
Tragic.
Amazon's biggest customer is CIA, as some of us tried to warn over the past two years, so TP should have foreseen the demise of domain-fronting. You were so warned.
Please, TP, don't make the same mistake again by trusting the companies (such as Google) which are salivating over the prospect of becoming a permanent member of the US Surveillance-Industrial complex.
TP must find sources of funding other than USG or their public-private partners (BBG) and "benign" sponsorships such as "Google Summer of Code" from companies like Google.
If TP cannot look to "benign" USG agencies (like RFA) or "benign" multinational corporate partners of USG (like Google)--- because Yasha Levine is correct when he argues that there is no such thing as a "benign" partner of a government which seeks global hegemony--- who does that leave? Ordinary people.
This is why it is so worrisome that:
o the new TP ED has said nothing about whether she intends to continue Shari's attempts to move TP funding to a user-funded model similar to EFF,
o the long overdue TP financials have *still* not been posted, with no explanation of the hangup or any firm deadlines being offered.
And what about the PKI cert issue for this very blog? What's up with that?
Mozilla needs to ditch this…
Mozilla needs to ditch this C++ Skia library or whatever (i don't even know what it does) with the written in Rust pathfinder https://github.com/pcwalton/pathfinder ASAP (ESR users - i.e. Tor - will still have to deal with all the Skia nonsense for quiet some time)
make sizing adjustment for…
make sizing adjustment for each website for user and add to memory for re-boot
schweppes
schweppes
How's about NOT auto…
How's about NOT auto-updating my software, making me think I've been the victim of an automated attack?!
Prompting prominently, is acceptable.
Then I can download the update, verify it, and install it CLEANLY.
This is security best-practice. You're breaking that like Microsoft does - with the assumption that FORCING everyone to do it means more people are going to be updated and the 'herd' is overall less vulnerable.
Other people's laziness for such an easy-to-achieve operation is NOT my problem to suffer abuse over.
Whilst BLIND acceptance of updates (from which IP? I had no way to verify - HOW do I verify? It is safer to assume hostile environment, and I am suffering a potential VPNFilter infection, so no way do I trust things blindly at the moment.
But hey, what do I know, I only administrate my own equipment - you _must_ know better... sure...(!)
The automatic updates should…
The automatic updates should be safe even with a hostile network:
https://decvnxytmk.oedi.net/projects/torbrowser/design/#update-safety
Automatic updates are enabled by default because this is what most users want, especially those that do not know how to change preferences. For advanced users that want more control over how updates are installed it is still possible to disable automatic updates by setting app.updates.auto to false:
http://kb.mozillazine.org/App.update.auto
Yes, Knowing, like Microsoft…
Yes, Knowing, like Microsoft does. They do go after you and FORCE their updates which, for my computer, leaves it a little worse off almost every time. I now try to prolong the agony of their mostly unnecessary "updates". They usually sneak them in anyway and tell very little what they did. Tor is much more transparent and trustworthy. Thank you Tor, this time worked like a charm.
Rather trust in the fix`s…
Rather trust in the fix`s rather than in the belief it runs ok for now.
about:preferences#advanced …
about:preferences#advanced (Options)
"update" in top 'tabs'
click your choices
Plus one.
Plus one.
The op is correct. Automated…
The op is correct. Automated updates from an unverifiable source is getting into Doze territory (aka proprietary non GNU-Linux hell). If people are incapable of updating a browser, an argument may be made that they are not intelligent enough to use TOR and should consider using Doze and Internet Explorer in perpetuity. You deserve what you teach yourself to deserve.
danke für Ihre arbeit. ich…
danke für Ihre arbeit. ich stamme aus deutschland und habe den 2.weltkrieg durchlebt. werden Sie auch vom siegeswillen getragen!
tor browser
tor browser
thanks for browser new
thanks for browser new i hope flash plyer open
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/S…
superb
superb
Thank you :-)... Works like…
Thank you :-)... Works like a charm.
Hi Just downloaded the…
Hi
Just downloaded the latest version 7.5.5 and TOR browser just said goodbye.!!! :)
It does not start. Have tried many different ways it just would not start. Simple as that.
Even started the Vidalia to see if that will be able to connect to TOR servers, it did but the TOR 7.5.5 would not.
Please help
What happens when you try to…
What happens when you try to run Tor Browser? Do you have an error message? And did previous versions of Tor Browser work on this computer?
I get this problem too in…
I get this problem too in Win 7. Previous version tor browser still works ok. Please help.
Same problem here, shows…
Same problem here, shows unable to connect to tor port. Please help. 7.5.4 is ok.
I have the same problem. Tor…
I have the same problem. Tor does not start. Nothing happens. It worked before. No error message. I am using Endless-OS (Linux). There was also an OS update. Also tried newer beta version without success.
I know it's not related but…
I know it's not related but is a new design for this blog coming?
I don't know what happened between this version and the old one (with green background) but this one is really disappointing.
- page title is "Tor Blog |" and should be without the "|" (yes I'm finicky)
- plain white background everywhere (except footer)
- big pixelated pictures for each articles
- excerpt feels like the legend of the above picture, also the interline space is odd (too big)
- "add a comment" box is nearer the below article than the one it's supposed to be with
- font sizes in general...
The blog feels like a default amateurish wordpress theme with the brand color of Tor for the texts.
I remember reading good articles on this blog in the past but this new design makes it painful to read or scroll anything.
Please rollback to the old design where you could see each element in a concise way.
Sorry for the rant, this is because I really care about Tor and hate seeing things going obviously wrong.
Seems to be working for me.
Seems to be working for me.
gpg: BAD signature from "Tor…
gpg: BAD signature from "Tor Browser Developers (signing key) " [unknown]
On which file do you have…
On which file do you have this error, and which gpg command did you use?
Interesting. FWIW, I always…
Interesting. FWIW, I always check the detached sig and I did not experience this issue with the TB-7.5.5 tarball.
Is this a joke? Where is…
Is this a joke?
Where is the new Tor?
This Tor Browser version was…
This Tor Browser version was an emergency release to fix an important issue in Firefox. As we did not have a lot of time to prepare this update and to avoid any risk we did not include other changes.
hey! you have new tor since…
hey! you have new tor since 22 may!
Good
Good
Just remember that Tor is…
Just remember that Tor is updated only after the NSA and FBI have conducted their investigations. Remember when Dingledine let CMU run its attack? Tor is consumer grade security.
You are still out there.
You are still out there.
Those claims are false. You…
Those claims are false. You should provide same facts that back them up.
Thanks for a job well done!!…
Thanks for a job well done!!! I love feeling free and protected! MD Simi Valley. CA
Why not with Tor 0.3.3.6…
Why not with Tor 0.3.3.6 stable?
This Tor Browser version was…
This Tor Browser version was an emergency release to fix an important issue in Firefox. As we did not have a lot of time to prepare this update and to avoid any risk we did not include other changes.
Where is the source code for…
Where is the source code for Tor Browser Bundle?
You can find information…
You can find information about this in the Tor Browser Hacking Guide:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking
Hello, I have an issue…
Hello, I have an issue. Whenever I try to watch any video, I get the following error message: "no video with supported format and mime type found". I've tried everything I've found online but haven't found a solution yet. Could anyone please help?
Which operating system are…
Which operating system are you on and what would be an example video triggering that?
Click on the no script icon…
Click on the no script icon and then on the puzzle and on "temporarily allow video/..."
reload!
reload!
meek_lite in Whonix 14 doesn…
meek_lite in Whonix 14 doesn't work.
super
super
Security Problem
Security Problem
just imagine that all hcaker…
just imagine that all hcaker meeting in a one site .......
You mean this blog? We're…
You mean this blog? We're privacy advocates and human rights advocates, not (for the most part) hackers.
But take a look at the PKI certificate for vbdvexcmqi.oedi.net. Weird, ain't it? Not a certificate controlled by Tor Project, and it is shared with numerous other domains including a company called forensicon.com. Makes you think, huh? Especially since TP is refusing to answer questions about it.
The PKI cert for decvnxytmk.oedi.net looks fine, BTW.
good
good
palemoon has this function: …
palemoon has this function:
Tools>Preference>Content
Load images: Automatically,Never,Originating server only
Hop TOR has the function too. Thanks
This can be configured by…
This can be configured by changing the preference permissions.default.image:
http://kb.mozillazine.org/Permissions.default.image
However changing this preference will modify your fingerprint, making you less anonymous since the number of users changing this preference is probably low.
If you find that "Tor is too…
If you find that "Tor is too slow", the most effective ways of fixing that in Tor Browser are to use about:config to change that setting to value "2", and also to change javascript:enabled to FALSE. EFF's panopticlick appears to suggest that most Tor Browser users are making these changes.
arma never did explain why Rachel isn't working for TB instead of DARPA, regarding increasing entropy of posts like this one to make stylometry more difficult. That's too bad for us..
Changing those settings is a…
Changing those settings is a bad advice as it makes you stand out as a Tor Browser user. And, no, EFF's panopticlick is not a good test for that as its results are skewed due to non-Tor Browsers counting here as well. We are working on a better test for that which you can try out at https://fpcentral.tbb.torproject.org/ it's a beta version still, though.
OK, well gk knows much more…
OK, well gk knows much more than I, so everyone should probably follow his advice, not mine.
I'd just ask that TP make sure someone (gk or nm mebbe) is looking into how the demise of net neutrality might affect ordinary Tor users. I think best judgment on issues involving how Tor interacts with the wider internet (e.g. CDNs, anti-DDOS screeners, new EU laws, new US laws, continued internecine warfare among media sites and with the US White House, etc.) is likely to change in coming months.
Nice...
Nice...
I AM WAITING FOR YOUR UPDATE.
I AM WAITING FOR YOUR UPDATE.
hi. i am one of the admirers…
hi.
i am one of the admirers of tor browser.
please indicate how to deal with a very disturbing reCHAPTCHA.
I want my tor browser can automatically execute reCHAPTCHA.
Please inform us how to solve it
Herrysequis@gmail.com
best regards,
Herry :)
> I want my tor browser can…
> I want my tor browser can automatically execute reCHAPTCHA.
But isn't the whole idea of CAPTCHA to prevent bots from pretending to be humans?
For me - everithing is goog…
For me - everithing is goog with this update. (win7 32bit)
wth with pagination without…
wth with pagination without js on this blog?
Yeah, the blog does not work…
Yeah, the blog does not work pretty well without JavaScript enabled, see: https://trac.torproject.org/projects/tor/ticket/22530.
https://vbdvexcmqi.oedi.net…
https://vbdvexcmqi.oedi.net/tor-browser-755-released?page=2%2C0
wth? (and js temp on)
Should be fixed now, sorry…
Should be fixed now, sorry for the inconvenience.
The website encountered an…
The website encountered an unexpected error. Please try again later.Drupal\Component\Plugin\Exception\PluginNotFoundException: The "entity_form_display" entity type does not exist. in Drupal\Core\Entity\EntityTypeManager->getDefinition() (line 133 of core/lib/Drupal/Core/Entity/EntityTypeManager.php).
thanks
thanks
where is my comment about…
where is my comment about bug with youtube?
WTH?
am getting this message…
am getting this message when trying to change to new identity
Torbutton: Unexpected error on new identity: [Exception... "Component returned failure code: 0x80520010 (NS_ERROR_FILE_NO_DEVICE_SPACE) [nsIPrefService.savePrefFile]" nsresult: "0x80520010 (NS_ERROR_FILE_NO_DEVICE_SPACE)" location: "JS frame :: chrome://torbutton/content/torbutton.js :: torbutton_do_new_identity :: line 1215" data: no]
and then the whole page goes what and have to restart tor which seems to take forever to launch...
Torbutton: Unexpected error…
Torbutton: Unexpected error on new identity: [Exception... "Component returned failure code: 0x80520010 (NS_ERROR_FILE_NO_DEVICE_SPACE) [nsIPrefService.savePrefFile]" nsresult: "0x80520010 (NS_ERROR_FILE_NO_DEVICE_SPACE)" location: "JS frame :: chrome://torbutton/content/torbutton.js :: torbutton_do_new_identity :: line 1215" data: no]
y tor/duckduck now blocking…
y tor/duckduck now blocking sites that bing accesses with no problem
mucho bueno firefox
mucho bueno firefox
Mac Experiencing constant…
Mac
Experiencing constant slow uploading failures, increased time from 15 minutes to hours and eventual upload stuck.
Attempting to install 7.5.4 dmg wont open. The following disk images could't be opened. TorBrowser-7.5.4-osx6 Operation timed out.
Attempted to open 7.5.5 dmg won't open. The following disk images could't be opened. TorBrowser-7.5.5-osx6 Operation timed out.
Second attempt complete failure opening dmg for both versions. Must re download to get your one attempt. which fails with above message.
good
good
Mac. Mac dmg's 7.5.5 & 7.5.4…
Mac.
Mac dmg's 7.5.5 & 7.5.4 won't open. I let them update. Wanted to roll back.
7.5.5 running very slow, unusual, hanging compared to 7.5.4.
Higher and higer GFW, less…
Higher and higer GFW, less and less Plugintransports. We need more kinds of Bridge. FTE has not been updated for 3 years. What's next we will lose? Oh,god.
Thanks so much for this.
Thanks so much for this.
In next esr, August, GUI is…
In next esr, August, GUI is only visible with JavaScript on?
That would be ...ehm ...weird?
Mac dmg's now opening. Mac 7…
Mac dmg's now opening.
Mac 7.5.5 hanging, stall out, lack of performance, uploading failure & unbearable tasks take longer & fail.
On a Mac OS I see 4 bridges,…
On a Mac OS I see 4 bridges, obfs4, obfs3, meek amazon(works in China) and meek-azure(works in china) how does the removal of the Amazon transport bug26098 affect these bridges? Is meek amazon(works in China) related?
The meek-amazon option is…
The meek-amazon option is not available anymore. All other options are unaffected.
Tor seems to remember all of…
Tor seems to remember all of the URL history from previous sessions, when I try to manually enter a new URL. That surprises me since Tor does NOT remember browser history. Is there a way to configure this behavior?
Could it be that you…
Could it be that you accidentally bookmarked those URLs? By default Tor Browser is not keeping the history across session restarts.
I did NOT say the Tor…
I did NOT say the Tor Browser history was preserved. The history page (ctrl+h) is always empty. What is being preserved is the *URL type-ahead* history. If I go to enter the website in the URL entry area at the top, Tor is matching the leading substring of anything I type. Are you saying those matches are confined to just the entries that I have permanently bookmarked? So that is a bookmark matching feature?
There's something wrong with…
There's something wrong with FF 52.8.1.
I'm using non e10 add-ons and after updating https everywhere
Multiprocess Windows 0/1 (Disabled by add-ons) changes to 1/1 (Enabled by default).
New Identity makes the TBB window moving step by step across the screen.
Platform Windows, maybe somebody can confirm.
Mac 7.5.5 Constant problems…
Mac 7.5.5
Constant problems Uploading, even loading a page, takes hours to perform a task.
Hanging, stall out, lack of performance, uploading failure & unbearable tasks take longer & fail.
I have to roll back a version to get it to work, but it still takes hours as it also attempting to upload to 7.5.5 at the same time. I've never seen anything extremely wrong with Tor till this version.
When will this be verified?
Mac Problem loading page…
Mac
Problem loading page. The connection has timed out. Uploads have gone from a couple minutes to over an hour or
never finishing.
how the fuck Noscript was…
how the fuck Noscript was updated if it wasn't in alpha?
i like tor, but not always…
i like tor, but not always use it
Very important comment. I…
Very important comment.
I wish to thank you very, very much for this modification to my browser. It makes me feel really good.
I am living in a dump like…
I am living in a dump like India and very much fed up with Google and Microsoft. as they always give hand third party to surveil its client..Thank you TOR to let us roaming freely in this beautiful virtual world..
tor browser is kind of…
tor browser is kind of better than any other browser, such as user-friendly.
HTTPSE 2018.6.21 Ruleset…
HTTPSE 2018.6.21
Ruleset update for EFF (Full): 2018.6.19
WTF?
I don't see any difference…
I don't see any difference at all.
cool browser
cool browser
so do we have to delete tor…
so do we have to delete tor or does it auto update
It autoupdates.
It autoupdates.