AfterDawn > Downloads > Netwerk > Webbrowsers > Tor Browser Bundle > Versie historie

Versie historie van Tor Browser Bundle

<<Terug naar software beschrijving

Veranderingen voor v9.0.6 - v9.0.7

All Platforms
Bump NoScript to 11.0.19
Bump Https-Everywhere to 2020.3.16
Bug 33613: Disable Javascript on Safest security level
Windows + OS X + Linux
Bump Tor to 0.4.2.7

Veranderingen voor v9.0 - v9.0.1

All Platforms
Update NoScript to 11.0.4
Bug 21004: Don't block JavaScript on onion services on medium security
Bug 27307: NoScript marks HTTP onions as not secure
Bug 30783: Fundraising banner for EOY 2019 campain
Bug 32321: Don't ping Mozilla for Man-in-the-Middle-detection
Bug 27268: Preferences clean-up
Windows + OS X + Linux
Update Tor Launcher to 0.2.20.2
Bug 32164: Trim each received log line from tor
Translations update
Bug 31803: Replaced about:debugging logo with flat version
Bug 31764: Fix for error when navigating via 'Paste and go'
Bug 32169: Fix TB9 Wikipedia address bar search
Bug 32210: Hide the tor pane when using a system tor
Bug 31658: Use builtin --panel-disabled-color for security level text
Bug 32188: Fix localization on about:preferences#tor
Bug 32184: Red dot is shown while downloading an update

Veranderingen voor v8.5.4 - v9.0

All Platforms
Update Firefox to 68.2.0esr
Bug 31740: Remove some unnecessary RemoteSettings instances
Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
Bug 28196: about:preferences is not properly translated anymore
Bug 19417: Disable asmjs on safer and safest security levels
Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
Bug 31935: Disable profile downgrade protection
Bug 16285: Disable DRM/EME on Android and drop Adobe CDM
Bug 31602: Remove Pocket indicators in UI and disable it
Bug 31914: Fix eslint linter error
Bug 30429: Rebase patches for Firefox 68 ESR
Bug 31144: Review network code changes for Firefox 68 ESR
Bug 10760: Integrate Torbutton into Tor Browser directly
Bug 25856: Remove XUL overlays from Torbutton
Bug 31322: Fix about:tor assertion failure debug builds
Bug 29430: Add support for meek_lite bridges to bridgeParser
Bug 28561: Migrate "About Tor Browser" dialog to tor-browser
Bug 30683: Prevent detection of locale via some *.properties
Bug 31298: Backport patch for #24056
Bug 9336: Odd wyswig schemes without isolation for browserspy.dk
Bug 27601: Browser notifications are not working anymore
Bug 30845: Make sure internal extensions are enabled
Bug 28896: Enable extensions in private browsing by default
Bug 31563: Reload search extensions if extensions.enabledScopes has changed
Bug 31396: Fix communication with NoScript for security settings
Bug 31142: Fix crash of tab and messing with about:newtab
Bug 29049: Backport JS Poison Patch
Bug 25214: Canvas data extraction on locale pdf file should be allowed
Bug 30657: Locale is leaked via title of link tag on non-html page
Bug 31015: Disabling SVG hides UI icons in extensions
Bug 30681: Set security.enterprise_roots.enabled to false
Bug 30538: Unable to comment on The Independent Newspaper
Bug 31209: View PDF in Tor Browser is fuzzy
Translations update
Windows + OS X + Linux
Update Tor to 0.4.1.6
Update OpenSSL to 1.1.1d
Bug 31844: OpenSSL 1.1.1d fails to compile for some platforms/architectures
Update Tor Launcher to 0.2.20.1
Bug 28044: Integrate Tor Launcher into tor-browser
Bug 32154: Custom bridge field only allows one line of input
Bug 31286: New strings for about:preferences#tor
Bug 31303: Do not launch tor in browser toolbox
Bug 32112: Fix bad & escaping in translations
Bug 31491: Clean up the old meek http helper browser profiles
Bug 29197: Remove use of overlays
Bug 31300: Modify Tor Launcher so it is compatible with ESR68
Bug 31487: Modify moat client code so it is compatible with ESR68
Bug 31488: Moat: support a comma-separated list of transports
Bug 30468: Add mk locale
Bug 30469: Add ro locale
Bug 30319: Remove FTE bits
Translations update
Bug 32092: Fix Tor Browser Support link in preferences
Bug 32111: Fixed issue parsing user-provided bridge strings
Bug 31749: Fix security level panel spawning events
Bug 31920: Fix Security Level panel when its toolbar button moves to overflow
Bug 31748+31961: Fix 'Learn More' links in Security Level preferences and panel
Bug 28044: Integrate Tor Launcher into tor-browser
Bug 31059: Enable Letterboxing
Bug 30468: Add mk locale
Bug 30469: Add ro locale
Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek
Bug 31251: Security Level button UI polish
Bug 31344: Register SecurityLevelPreference's 'unload' callback
Bug 31286: Provide network settings on about:preferences#tor
Bug 31886: Fix ko bundle bustage
Bug 31768: Update onboarding for Tor Browser 9
Bug 27511: Add new identity button to toolbar
Bug 31778: Support dark-theme for the Circuit Display UI
Bug 31910: Replace meek_lite with meek in circuit display
Bug 30504: Deal with New Identity related browser console errors
Bug 31929: Don't escape DTD entity in ar
Bug 31747: Some onboarding UI is always shown in English
Bug 32041: Replace = with real hamburguer icon ≡
Bug 30304: Browser locale can be obtained via DTD strings
Bug 31065: Set network.proxy.allow_hijacking_localhost to true
Bug 24653: Merge securityLevel.properties into torbutton.dtd
Bug 31164: Set up default bridge at Karlstad University
Bug 15563: Disable ServiceWorkers on all platforms
Bug 31598: Disable warning on window resize if letterboxing is enabled
Bug 31562: Fix circuit display for error pages
Bug 31575: Firefox is phoning home during start-up
Bug 31491: Clean up the old meek http helper browser profiles
Bug 26345: Hide tracking protection UI
Bug 31601: Disable recommended extensions again
Bug 30662: Don't show Firefox Home when opening new tabs
Bug 31457: Disable per-installation profiles
Bug 28822: Re-implement desktop onboarding for ESR 68
Windows
Bug 31942: Re-enable signature check for language packs
Bug 29013: Enable stack protection for Firefox on Windows
Bug 30800: ftp:// on Windows can be used to leak the system time zone
Bug 31547: Back out patch for Mozilla's bug 1574980
Bug 31141: Fix typo in font.system.whitelist
Bug 30319: Remove FTE bits
OS X
Bug 30126: Make Tor Browser compatible with macOS 10.15
Bug 31607: App menu items stop working on macOS
Bug 31955: On macOS avoid throwing inside nonBrowserWindowStartup()
Bug 29818: Adapt #13379 patch for 68esr
Bug 31464: Meek and moat are broken on macOS 10.9 with Go 1.12
Linux
Bug 31942: Re-enable signature check for language packs
Bug 31646: Update abicheck to require newer libstdc++.so.6
Bug 31968: Don't fail if /proc/cpuinfo is not readable
Bug 24755: Stop using a heredoc in start-tor-browser
Bug 31550: Put curly quotes inside single quotes
Bug 31394: Replace "-1" with "−1" in start-tor-browser.desktop
Bug 30319: Remove FTE bits
Android
Update Tor to 0.4.1.5
Bug 31010: Rebase mobile patches for Fennec 68
Bug 31010: Don't use addTrustedTab() on mobile
Bug 30607: Support Tor Browser running on Android Q
Bug 31192: Support x86_64 target on Android
Bug 30380: Cancel dormant by startup
Bug 30943: Show version number on mobile
Bug 31720: Enable website suggestions in address bar
Bug 31822: Security slider is not really visible on Android anymore
Bug 24920: Only create Private tabs in permanent Private Browsing Mode
Bug 31730: Revert aarch64-workaround against JIT-related crashes
Bug 32097: Fix conflicts in mobile onboarding while rebasing to 68.2.0esr
Build System
All Platforms
Bug 30585: Provide standalone clang 8 project across all platforms
Bug 30376: Use Rust 1.34 for Tor Browser 9
Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68
Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68
Bug 31621: Fix node bug that makes large writes to stdout fail
Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68
Bug 31293: Make sure the lo interface inside the containers is up
Bug 27493: Clean up mozconfig options
Bug 31308: Sync mozconfig files used in tor-browser over to tor-browser-build for esr68
Windows
Bug 29307: Use Stretch for cross-compiling for Windows
Bug 29731: Remove faketime for Windows builds
Bug 30322: Windows toolchain update for Firefox 68 ESR
Bug 28716: Create mingw-w64-clang toolchain
Bug 28238: Adapt firefox and fxc2 projects for Windows builds
Bug 28716: Optionally omit timestamp in PE header
Bug 31567: NS_tsnprintf() does not handle %s correctly on Windows
Bug 31458: Revert patch for #27503 and bump mingw-w64 revision used
Bug 9898: Provide clean fix for strcmpi issue in NSPR
Bug 29013: Enable stack protection support for Firefox on Windows
Bug 30384: Use 64bit containers to build 32bit Windows Tor Browser
Bug 31538: Windows bundles based on ESR 68 are not built reproducibly
Bug 31584: Clean up mingw-w64 project
Bug 31596: Bump mingw-w64 version to pick up fix for #31567
Bug 29187: Bump NSIS version to 3.04
Bug 31732: Windows nightly builds are busted due to mingw-w64 commit bump
Bug 29319: Remove FTE support for Windows
OS X
Bug 30323: MacOS toolchain update for Firefox 68 ESR
Bug 31467: Switch to clang for cctools project
Bug 31465: Adapt tor-browser-build projects for macOS notarization
Linux
Bug 31448: gold and lld break linking 32bit Linux bundles
Bug 31618: Linux32 builds of Tor Browser 9.0a6 are not matching
Bug 31450: Still use GCC for our ASan builds
Bug 30321: Linux toolchain update for Firefox ESR 68
Bug 30736: Install yasm from wheezy-backports
Bug 31447: Don't install Python just for Mach
Bug 30448: Strip Browser/gtk2/libmozgtk.so
Android
Bug 30324: Android toolchain update for Fennec 68
Bug 31173: Update android-toolchain project to match Firefox
Bug 31389: Update Android Firefox to build with Clang
Bug 31388: Update Rust project for Android
Bug 30665: Get Firefox 68 ESR working with latest android toolchain
Bug 30460: Update TOPL project to use Firefox 68 toolchain
Bug 30461: Update tor-android-service project to use Firefox 68 toolchain
Bug 28753: Use Gradle with --offline when building the browser part
Bug 31564: Make Android bundles based on ESR 68 reproducible
Bug 31981: Remove require-api.patch
Bug 31979: TOPL: Sort dependency list
Bug 30665: Remove unnecessary build patches for Firefox

Veranderingen voor v8.5.2 - v8.5.3

* All platforms
* Pick up fix for Mozilla's bug 1560192

Veranderingen voor v8.5 - v8.5.2

Tor Browser 8.5.2 -- June 19 2019
* All platforms
* Pick up fix for Mozilla's bug 1544386
* Update NoScript to 10.6.3
* Bug 29904: NoScript blocks MP4 on higher security levels
* Bug 30624+29043+29647: Prevent XSS protection from freezing the browser
Tor Browser 8.5.1 -- June 4 2019
* All platforms
* Update Torbutton to 2.1.10
* Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
* Bug 30464: Add WebGL to safer descriptions
* Translations update
* Update NoScript to 10.6.2
* Bug 29969: Remove workaround for Mozilla's bug 1532530
* Update HTTPS Everywhere to 2019.5.13
* Bug 30541: Disable WebGL readPixel() for web content
* Windows + OS X + Linux
* Bug 30560: Better match actual toolbar in onboarding toolbar graphic
* Bug 30571: Correct more information URL for security settings
* Android
* Bug 30635: Sync mobile default bridges list with desktop one
* Build System
* All platforms
* Bug 30480: Check that signed tag contains expected tag name

Veranderingen voor v8.0.8 - v8.0.9

All platforms
Update Torbutton to 2.0.13
Bug 30388: Make sure the updated intermediate certificate keeps working
Backport fixes for bug 1549010 and bug 1549061
Bug 30388: Make sure the updated intermediate certificate keeps working
Update NoScript to 10.6.1
Bug 29872: XSS popup with DuckDuckGo search on about:to

Veranderingen voor v8.0.7 - v8.0.8

All platforms
Update Firefox to 60.6.1esr
Update NoScript to 10.2.4
Bug 29733: Work around Mozilla's bug 1532530

Veranderingen voor v8.0.6 - v8.0.7

All platforms
Update Firefox to 60.6.0esr
Update Tor to 0.3.5.8
Bug 29660: XMPP can not connect to SOCKS5 anymore
Update Torbutton to 2.0.11
Bug 29021: Tell NoScript it is running within Tor Browser
Windows
Bug 29081: Harden libwinpthread

Veranderingen voor v8.0.5 - v8.0.6

All platforms
Update Firefox to 60.5.1esr
Update HTTPS Everywhere to 2019.1.31
Bug 29378: Remove 83.212.101.3 from default bridges
Build System
All Platforms
Bug 29235: Build our own version of python3.6 for HTTPS Everywhere

Veranderingen voor v8.0.1 - v8.0.2

All platforms
Update Firefox to 60.2.1esr
Backport fix for Mozilla bug 1493900 and 1493903
OS X
Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility

Veranderingen voor v8.0 - v8.0.1

All platforms
Update Tor to 0.3.4.8
Update Torbutton to 2.0.7
Bug 27097: Tor News signup banner
Bug 27663: Add New Identity menuitem again
Bug 26624: Only block OBJECT on highest slider level
Bug 26555: Don't show IP address for meek or snowflake
Bug 27478: Torbutton icons for dark theme
Bug 27506+14520: Move status version to upper left corner for RTL locales
Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
Bug 27558: Update the link to "Your Guard note may not change" text
Translations update
Update Tor Launcher to 0.2.16.6
Bug 27469: Adapt Moat URLs
Translations update
Clean-up
Update NoScript to 10.1.9.6
Bug 27763: Restrict Torbutton signing exemption to mobile
Bug 26146: Spoof HTTP User-Agent header for desktop platforms
Bug 27543: QR code is broken on web.whatsapp.com
Bug 27264: Bookmark items are not visible on the boomark toolbar
Bug 27535: Enable TLS 1.3 draft version
Backport of Mozilla bug 1490585, 1475775, and 1489744
OS X
Bug 27482: Fix crash during start-up on macOS 10.9.x systems

Veranderingen voor v7.5.1 - v7.5.2

Update Firefox to 52.7.2esr

Veranderingen voor v7.0.11 - v7.5

All Platforms
Update Firefox to 52.6.0esr
Update Tor to 0.3.2.9
Update OpenSSL to 1.0.2n
Update Torbutton to 1.9.8.5
Bug 21847: Update copy for security slider
Bug 21245: Add da translation to Torbutton and keep track of it
Bug 24702: Remove Mozilla text from banner
Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
Translations update
Update Tor Launcher to 0.2.14.3
Bug 23262: Implement integrated progress bar
Bug 23261: implement configuration portion of new Tor Launcher UI
Bug 24623: Revise "country that censors Tor" text
Bug 24624: tbb-logo.svg may cause network access
Bug 23240: Retrieve current bootstrap progress before showing progress bar
Bug 24428: Bootstrap error message sometimes lost
Bug 22232: Add README on use of bootstrap status messages
Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
Translations update
Update HTTPS Everywhere to 2018.1.11
Update NoScript to 5.1.8.3
Bug 23104: CSS line-height reveals the platform Tor Browser is running on
Bug 24398: Plugin-container process exhausts memory
Bug 22501: Requests via javascript: violate FPI
Bug 24756: Add noisebridge01 obfs4 bridge configuration
Windows
Bug 16010: Enable content sandboxing on Windows
Bug 23230: Fix build error on Windows 64
OS X
Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
Bug 23025: Add some hardening flags to macOS build
Linux
Bug 23970: Make "Print to File" work with sandboxing enabled
Bug 23016: "Print to File" is broken on some non-english Linux systems
Bug 10089: Set middlemouse.contentLoadURL to false by default
Bug 18101: Suppress upload file dialog proxy bypass (linux part)
Android
Bug 22084: Spoof network information API
Build System
All Platforms
Switch from gitian/tor-browser-bundle to rbm/tor-browser-build
Windows
Bug 22563: Update mingw-w64 to fix W^X violations
Bug 20929: Bump GCC version to 5.4.0
Linux
Bug 20929: Bump GCC version to 5.4.0
Bug 23892: Include Firefox and Tor debug files in final build directory
Bug 24842: include libasan.so.2 and libubsan.so.0 in debug builds

Veranderingen voor v7.0.10 - v7.0.11

All Platforms
Update Firefox to 52.5.2esr
Update Tor to 0.3.1.9
Update HTTPS-Everywhere to 2017.12.6
Update NoScript to 5.1.8.1

Veranderingen voor v7.0.8 - v7.0.10

* All Platforms
* Update Firefox to 52.5.0esr
* Update Tor to 0.3.1.8
* Update Torbutton to 1.9.7.10
* Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
* Translations update
* Update HTTPS-Everywhere to 2017.10.30
* Bug 24178: Use make.sh for building HTTPS-Everywhere
* Update NoScript to 5.1.5
* Bug 23968: NoScript icon jumps to the right after update
* Windows
* Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
* Bug 23396: Update the msvcr100.dll we ship
* Bug 24052: Block file:// redirects early

Veranderingen voor v7.0.4 - v7.0.5

All Platforms
Update Torbutton to 1.9.7.6
Bug 22989: Fix dimensions of new windows on macOS
Translations update
Update HTTPS-Everywhere to 2017.8.31
Update NoScript to 5.0.9
Bug 23166: Add new obfs4 bridge to the built-in ones
Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
Bug 21270: NoScript settings break WebExtensions add-ons

Veranderingen voor v7.0.2 - v7.0.4

All Platforms
Update Firefox to 52.3.0esr
Update Tor to 0.3.0.10
Update Torbutton to 1.9.7.5
Bug 21999: Fix display of language prompt in non-en-US locales
Bug 18193: Don't let about:tor have chrome privileges
Bug 22535: Search on about:tor discards search query
Bug 21948: Going back to about:tor page gives "Address isn't valid" error
Code clean-up
Translations update
Update Tor Launcher to 0.2.12.3
Bug 22592: Default bridge settings are not removed
Translations update
Update HTTPS-Everywhere to 5.2.21
Update NoScript to 5.0.8.1
Bug 22362: Remove workaround for XSS related browser freezing
Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
Bug 21321: Exempt .onions from HTTP related security warnings
Bug 22073: Disable GetAddons option on addons page
Bug 22884: Fix broken about:tor page on higher security levels
Windows
Bug 22829: Remove default obfs4 bridge riemann.
Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
OS X
Bug 22829: Remove default obfs4 bridge riemann.

Veranderingen voor v7.0.1 - v7.0.2

This release features an important security update to Tor.

Veranderingen voor v7.0 - v7.0.1

All Platforms
Update Firefox to 52.2.0esr
Update Tor to 0.3.0.8
Update Torbutton to 1.9.7.4
Bug 22542: Security Settings window too small on macOS 10.12
Update HTTPS-Everywhere to 5.2.18
Bug 22362: NoScript's XSS filter freezes the browser
OS X
Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0

Veranderingen voor v6.5.2 - v7.0

All Platforms
Update Firefox to 52.1.2esr
Update Tor to 0.3.0.7
Update Torbutton to 1.9.7.3
Bug 22104: Adjust our content policy whitelist for ff52-esr
Bug 22457: Allow resources loaded by view-source://
Bug 21627: Ignore HTTP 304 responses when checking redirects
Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
Bug 21865: Update our JIT preferences in the security slider
Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
Bug 21745: Fix handling of catch-all circuit
Bug 21547: Fix circuit display under e10s
Bug 21268: e10s compatibility for New Identity
Bug 21267: Remove window resize implementation for now
Bug 21201: Make Torbutton multiprocess compatible
Translations update
Update Tor Launcher to 0.2.12.2
Bug 22283: Linux 7.0a4 broken after update due to unix: lines in torrc
Bug 20761: Don't ignore additional SocksPorts
Bug 21920: Don't show locale selection dialog
Bug 21546: Mark Tor Launcher as multiprocess compatible
Bug 21264: Add a README file
Translations update
Update HTTPS-Everywhere to 5.2.17
Update NoScript to 5.0.5
Update Go to 1.8.3 (bug 22398)
Bug 21962: Fix crash on about:addons page
Bug 21766: Fix crash when the external application helper dialog is invoked
Bug 21886: Download is stalled in non-e10s mode
Bug 21778: Canvas prompt is not shown in Tor Browser based on ESR52
Bug 21569: Add first-party domain to Permissions key
Bug 22165: Don't allow collection of local IP addresses
Bug 13017: Work around audio fingerprinting by disabling the Web Audio API
Bug 10286: Disable Touch API and add fingerprinting resistance as fallback
Bug 13612: Disable Social API
Bug 10283: Disable SpeechSynthesis API
Bug 22333: Disable WebGL2 API for now
Bug 21861: Disable additional mDNS code to avoid proxy bypasses
Bug 21684: Don't expose navigator.AddonManager to content
Bug 21431: Clean-up system extensions shipped in Firefox 52
Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
Bug 16285: Don't ship ClearKey EME system and update EME preferences
Bug 21675: Spoof window.navigator.hardwareConcurrency
Bug 21792: Suppress MediaError.message
Bug 16337: Round times exposed by Animation API to nearest 100ms
Bug 21972: about:support is partially broken
Bug 21726: Keep Graphite support disabled
Bug 21323: Enable Mixed Content Blocking
Bug 21685: Disable remote new tab pages
Bug 21790: Disable captive portal detection
Bug 21686: Disable Microsoft Family Safety support
Bug 22073: Make sure Mozilla's experiments are disabled
Bug 21683: Disable newly added Safebrowsing capabilities
Bug 22071: Disable Kinto-based blocklist update mechanism
Bug 22415: Fix format error in our pipeline patch
Bug 22072: Hide TLS error reporting checkbox
Bug 20761: Don't ignore additional SocksPorts
Bug 21862: Rip out potentially unsafe Rust code
Bug 16485: Improve about:cache page
Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
Bug 21340: Identify and backport new patches from Firefox
Bug 22153: Fix broken feeds on higher security levels
Bug 22025: Fix broken certificate error pages on higher security levels
Bug 21887: Fix broken error pages on higher security levels
Bug 22458: Fix broken `about:cache` page on higher security levels
Bug 21876: Enable e10s by default on all supported platforms
Bug 21876: Always use esr policies for e10s
Bug 20905: Fix resizing issues after moving to a direct Firefox patch
Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
Bug 21885: SVG is not disabled in Tor Browser based on ESR52
Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
Bug 18531: Uncaught exception when opening ip-check.info
Bug 18574: Uncaught exception when clicking items in Library
Bug 22327: Isolate Page Info media previews to first party domain
Bug 22452: Isolate tab list menuitem favicons to first party domain
Bug 15555: View-source requests are not isolated by first party domain
Bug 3246: Double-key cookies
Bug 8842: Fix XML parsing error
Bug 5293: Neuter fingerprinting with Battery API
Bug 16886: 16886: "Add-on compatibility check dialog" contains Firefox logo
Bug 19645: TBB zooms text when resizing browser window
Bug 19192: Untrust Blue Coat CA
Bug 19955: Avoid confusing warning that favicon load request got cancelled
Bug 20005: Backport fixes for memory leaks investigation
Bug 20755: ltn.com.tw is broken in Tor Browser
Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
Bug 20680: Rebase Tor Browser patches to 52 ESR
Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
Bug 22468: Add default obfs4 bridges frosty and dragon
Windows
Bug 22419: Prevent access to file://
Bug 12426: Make use of HeapEnableTerminationOnCorruption
Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement
Bug 21868: Fix build bustage with FIREFOX_52_0_2esr_RELEASE for Windows
OS X
Bug 21940: Don't allow privilege escalation during update
Bug 22044: Fix broken default search engine on macOS
Bug 21879: Use our default bookmarks on OSX
Bug 21779: Non-admin users can't access Tor Browser on macOS
Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
Bug 21724: Make Firefox and Tor Browser distinct macOS apps
Bug 21931: Backport OSX SetupMacCommandLine updater fixes
Bug 15910: Don't download GMPs via the local fallback
Linux
Bug 16285: Remove ClearKey related library stripping
Bug 22041: Fix update error during update to 7.0a3
Bug 22238: Fix use of hardened wrapper for Firefox build
Bug 21907: Fix runtime error on CentOS 6
Bug 15910: Don't download GMPs via the local fallback
Android
Bug 19078: Disable RtspMediaResource stuff in Orfox
Build system
Windows
Bug 21837: Fix reproducibility of accessibility code for Windows
Bug 21240: Create patches to fix mingw-w64 compilation of Firefox ESR 52
Bug 21904: Bump mingw-w64 commit to help with sandbox compilation
Bug 18831: Use own Yasm for Firefox cross-compilation
OS X
Bug 21328: Updating to clang 3.8.0
Bug 21754: Remove old GCC toolchain and macOS SDK
Bug 19783: Remove unused macOS helper scripts
Bug 10369: Don't use old GCC toolchain anymore for utils
Bug 21753: Replace our old GCC toolchain in PT descriptor
Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
Bug 22328: Remove clang PIE wrappers

Veranderingen voor v6.5 - v6.5.1

All Platforms
Update Firefox to 45.8.0esr
Tor to 0.2.9.10
OpenSSL to 1.0.2k
Update Torbutton to 1.9.6.14
Bug 21396: Allow leaking of resource/chrome URIs (off by default)
Bug 21574: Add link for zh manual and create manual links dynamically
Bug 21330: Non-usable scrollbar appears in tor browser security settings
Translation updates
Update HTTPS-Everywhere to 5.2.11
Bug 21514: Restore W^X JIT implementation removed from ESR45
Bug 21536: Remove scramblesuit bridge
Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge

Veranderingen voor v6.0.8 - v6.5

All Platforms
Update Firefox to 45.7.0esr
Tor to 0.2.9.9
OpenSSL to 1.0.2j
Update Torbutton to 1.9.6.12
Bug 16622: Timezone spoofing moved to tor-browser.git
Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
Bug 20701: Allow the directory listing stylesheet in the content policy
Bug 19837: Whitelist internal URLs that Firefox requires for media
Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
Bug 19273: Improve external app launch handling and associated warnings
Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
Bug 17767: Make "JavaScript disabled" more visible in Security Slider
Bug 20556: Use pt-BR strings from now on
Bug 20614: Add links to Tor Browser User Manual
Bug 20414: Fix non-rendering arrow on OS X
Bug 20728: Fix bad preferences.xul dimensions
Bug 19898: Use DuckDuckGo on about:tor
Bug 21091: Hide the update check menu entry when running under the sandbox
Bug 19459: Move resizing code to tor-browser.git
Bug 20264: Change security slider to 3 options
Bug 20347: Enhance security slider's custom mode
Bug 20123: Disable remote jar on all security levels
Bug 20244: Move privacy checkboxes to about:preferences#privacy
Bug 17546: Add tooltips to explain our privacy checkboxes
Bug 17904: Allow security settings dialog to resize
Bug 18093: Remove 'Restore Defaults' button
Bug 20373: Prevent redundant dialogs opening
Bug 20318: Remove helpdesk link from about:tor
Bug 21243: Add links for pt, es, and fr Tor Browser manuals
Bug 20753: Remove obsolete StartPage locale strings
Bug 21131: Remove 2016 donation banner
Bug 18980: Remove obsolete toolbar button code
Bug 18238: Remove unused Torbutton code and strings
Bug 20388+20399+20394: Code clean-up
Translation updates
Update Tor Launcher to 0.2.10.3
Bug 19568: Set CurProcD for Thunderbird/Instantbird
Bug 19432: Remove special handling for Instantbird/Thunderbird
Translation updates
Update HTTPS-Everywhere to 5.2.9
Update NoScript to 2.9.5.3
Bug 16622: Spoof timezone with Firefox patch
Bug 17334: Spoof referrer when leaving a .onion domain
Bug 19273: Write C++ patch for external app launch handling
Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
Bug 12523: Mark JIT pages as non-writable
Bug 20123: Always block remote jar files
Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
Bug 19164: Remove support for SHA-1 HPKP pins
Bug 19186: KeyboardEvents are only rounding to 100ms
Bug 16998: Isolate preconnect requests to URL bar domain
Bug 19478: Prevent millisecond resolution leaks in File API
Bug 20471: Allow javascript: links from HTTPS first party pages
Bug 20244: Move privacy checkboxes to about:preferences#privacy
Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
Bug 20709: Fix wrong update URL in alpha bundles
Bug 19481: Point the update URL to aus1.torproject.org
Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
Bug 20442: Backport fix for local path disclosure after drag and drop
Bug 20160: Backport fix for broken MP3-playback
Bug 20043: Isolate SharedWorker script requests to first party
Bug 18923: Add script to run all Tor Browser regression tests
Bug 20651: DuckDuckGo does not work with JavaScript disabled
Bug 19336+19835: Enhance about:tbupdate page
Bug 20399+15852: Code clean-up
Windows
Bug 20981: On Windows, check TZ for timezone first
Bug 18175: Maximizing window and restarting leads to non-rounded window size
Bug 13437: Rounded inner window accidentally grows to non-rounded size
OS X
Bug 20590: Badly resized window due to security slider notification bar on OS X
Bug 20439: Make the build PIE on OSX
Linux
Bug 20691: Updater breaks if unix domain sockets are used
Bug 15953: Weird resizing dance on Tor Browser startup
Build system
All platforms
Bug 20927: Upgrade Go to 1.7.4
Bug 20583: Make the downloads.json file reproducible
Bug 20133: Don't apply OpenSSL patch anymore
Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
Bug 18291: Remove some uses of libfaketime
Bug 18845: Make zip and tar helpers generate reproducible archives
OS X
Bug 20258: Make OS X Tor archive reproducible again
Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
Bug 19856: Make OS X builds reproducible (getting libfaketime back)
Bug 19410: Fix incremental updates by taking signatures into account
Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one

Veranderingen voor v6.0.7 - v6.0.8

All Platforms
Update Firefox to 45.6.0esr
Update Tor to 0.2.8.11
Update Torbutton to 1.9.5.13
Bug 20947: Donation banner improvements
Update HTTPS-Everywhere to 5.2.8
Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
Bug 20837: Activate iat-mode for certain obfs4 bridges
Bug 20838: Uncomment NX01 default obfs4 bridge
Bug 20840: Rotate ports a third time for default obfs4 bridges

Veranderingen voor v6.0.6 - v6.0.7

All Platforms
Update Firefox to 45.5.1esr
Update NoScript to 2.9.5.2

Veranderingen voor v6.0.5 - v6.0.6

All Platforms
Update Firefox to 45.5.0esr
Update Tor to 0.2.8.9
Update OpenSSL to 1.0.1u
Update Torbutton to 1.9.5.12
Bug 20414: Add donation banner on about:tor for 2016 campaign
Translation updates
Update Tor Launcher to 0.2.9.4
Bug 20429: Do not open progress window if tor doesn't get started
Bug 19646: Wrong location for meek browser profile on OS X
Update HTTPS-Everywhere to 5.2.7
Update meek to 0.25
Bug 19646: Wrong location for meek browser profile on OS X
Bug 20030: Shut down meek-http-helper cleanly if built with Go > 1.5.4
Bug 19838: Add dgoulet's bridge and add another one commented out
Bug 20296: Rotate ports again for default obfs4 bridges
Bug 19735: Switch default search engine to DuckDuckGo
Bug 20118: Don't unpack HTTPS Everywhere anymore
Windows
Bug 20342: Add tor-gencert.exe to expert bundle
OS X
Bug 20204: Windows don't drag on macOS Sierra anymore
Bug 20250: Meek fails on macOS Sierra if built with Go < 1.7
Build system
All platforms
Bug 20023: Upgrade Go to 1.7.3

Veranderingen voor v6.0.2 - v6.0.3

All Platforms
Update Firefox to 45.3.0esr
Update Torbutton to 1.9.5.6
Bug 19417: Disable asmjs for now
Bug 19689: Use proper parent window for plugin prompt
Update HTTPS-Everywhere to 5.2.1
Update NoScript to 2.9.0.12
Bug 19715: Disable the meek-google pluggable transport option
Bug 19714: Remove mercurius4 obfs4 bridge
Bug 19585: Fix regression test for keyboard layout fingerprinting
Bug 19515: Tor Browser is crashing in graphics code
Bug 18513: Favicon requests can bypass New Identity
OS X
Bug 19269: Icon doesn't appear in Applications folder or Dock
Android
Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined

Veranderingen voor v6.0 - v6.0.1

All Platforms
Update Firefox to 45.2.0esr
Bug 18884: Don't build the loop extension
Bug 19187: Backport fix for crash related to popup menus
Bug 19212: Fix crash related to network panel in developer tools

Veranderingen voor v5.5.5 - v6.0

All Platforms
Update Firefox to 45.1.1esr
Update OpenSSL to 1.0.1t
Update Torbutton to 1.9.5.4
Bug 18466: Make Torbutton compatible with Firefox ESR 45
Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
Bug 18905: Hide unusable items from help menu
Bug 16017: Allow users to more easily set a non-tor SSH proxy
Bug 17599: Provide shortcuts for New Identity and New Circuit
Translation updates
Code clean-up
Update Tor Launcher to 0.2.9.3
Bug 13252: Do not store data in the application bundle
Bug 18947: Tor Browser is not starting on OS X if put into /Applications
Bug 11773: Setup wizard UI flow improvements
Translation updates
Update HTTPS-Everywhere to 5.1.9
Update meek to 0.22 (tag 0.22-18371-3)
Bug 18371: Symlinks are incompatible with Gatekeeper signing
Bug 18904: Mac OS: meek-http-helper profile not updated
Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
Bug 18900: Fix broken updater on Linux
Bug 19121: The update.xml hash should get checked during update
Bug 18042: Disable SHA1 certificate support
Bug 18821: Disable libmdns support for desktop and mobile
Bug 18848: Disable additional welcome URL shown on first start
Bug 14970: Exempt our extensions from signing requirement
Bug 16328: Disable MediaDevices.enumerateDevices
Bug 16673: Disable HTTP Alternative-Services
Bug 17167: Disable Mozilla's tracking protection
Bug 18603: Disable performance-based WebGL fingerprinting option
Bug 18738: Disable Selfsupport and Unified Telemetry
Bug 18799: Disable Network Tickler
Bug 18800: Remove DNS lookup in lockfile code
Bug 18801: Disable dom.push preferences
Bug 18802: Remove the JS-based Flash VM (Shumway)
Bug 18863: Disable MozTCPSocket explicitly
Bug 15640: Place Canvas MediaStream behind site permission
Bug 16326: Verify cache isolation for Request and Fetch APIs
Bug 18741: Fix OCSP and favicon isolation for ESR 45
Bug 16998: Disable for now
Bug 18898: Exempt the meek extension from the signing requirement as well
Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
Bug 18890: Test importScripts() for cache and network isolation
Bug 18886: Hide pocket menu items when Pocket is disabled
Bug 18703: Fix circuit isolation issues on Page Info dialog
Bug 19115: Tor Browser should not fall back to Bing as its search engine
Bug 18915+19065: Use our search plugins in localized builds
Bug 19176: Zip our language packs deterministically
Bug 18811: Fix first-party isolation for blobs URLs in Workers
Bug 18950: Disable or audit Reader View
Bug 18886: Remove Pocket
Bug 18619: Tor Browser reports "InvalidStateError" in browser console
Bug 18945: Disable monitoring the connected state of Tor Browser users
Bug 18855: Don't show error after add-on directory clean-up
Bug 18885: Disable the option of logging TLS/SSL key material
Bug 18770: SVGs should not show up on Page Info dialog when disabled
Bug 18958: Spoof screen.orientation values
Bug 19047: Disable Heartbeat prompts
Bug 18914: Use English-only label in tags
Bug 18996: Investigate server logging in esr45-based Tor Browser
Bug 17790: Add unit tests for keyboard fingerprinting defenses
Bug 18995: Regression test to ensure CacheStorage is disabled
Bug 18912: Add automated tests for updater cert pinning
Bug 16728: Add test cases for favicon isolation
Bug 18976: Remove some FTE bridges
Windows
Bug 13419: Support ICU in Windows builds
Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
Bug 18767: Context menu is broken on Windows in ESR 45 based Tor Browser
OS X
Bug 6540: Support OS X Gatekeeper
Bug 13252: Tor Browser should not store data in the application bundle
Bug 18951: HTTPS-E is missing after update
Bug 18904: meek-http-helper profile not updated
Bug 18928: Upgrade is not smooth (requires another restart)
Build System
All Platforms
Bug 18127: Add LXC support for building with Debian guest VMs
Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
Bug 18919: Remove unused keys and unused dependencies
Windows
Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
Bug 18290: Bump mingw-w64 commit we use
OS X
Bug 18331: Update toolchain for Firefox 45 ESR
Bug 18690: Switch to Debian Wheezy guest VMs
Linux
Bug 18699: Stripping fails due to obsolete Browser/components directory
Bug 18698: Include libgconf2-dev for our Linux builds
Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)

Veranderingen voor v5.5.4 - v5.5.5

All Platforms
Update Firefox to 38.8.0esr
Update Tor Launcher to 0.2.7.9
Bug 10534: Don't advertise the help desk directly anymore
Translation updates
Update HTTPS-Everywhere to 5.1.6
Update NoScript to 2.9.0.11
Bug 18726: Add new default obfs4 bridge (GreenBelt)

Veranderingen voor v5.5.2 - v5.5.3

All Platforms
Update Firefox to 38.7.0esr
Update OpenSSL to 1.0.1s
Update NoScript to 2.9.0.4
Update HTTPS Everywhere to 5.1.4
Update Torbutton to 1.9.4.4
Bug 16990: Don't mishandle multiline commands
Bug 18144: about:tor update arrow position is wrong
Bug 16725: Allow resizing with non-default homepage
Translation updates
Bug 18030: Isolate favicon requests on Page Info dialog
Bug 18297: Use separate Noto JP,KR,SC,TC fonts
Bug 18170: Make sure the homepage is shown after an update as well
Windows
Bug 18292: Disable staged updates on Windows

Veranderingen voor v5.5.1 - v5.5.2

All Platforms
Update Firefox to 38.6.1esr
Update NoScript to 2.9.0.3

Veranderingen voor v5.5 - v5.5.1

All Platforms
Bug 18168: Don't clear an iframe's window.name (fix of #16620)
Bug 18137: Add two new obfs4 default bridges
Windows
Bug 18169: Whitelist zh-CN UI font
OS X
Bug 18172: Add Emoji support
Linux

Veranderingen voor v5.0.7 - v5.5

All Platforms
Update Firefox to 38.6.0esr
Update libevent to 2.0.22-stable
Update NoScript to 2.9.0.2
Update Torbutton to 1.9.4.3
Bug 16990: Show circuit display for connections using multi-party channels
Bug 18019: Avoid empty prompt shown after non-en-US update
Bug 18004: Remove Tor fundraising donation banner
Bug 16940: After update, load local change notes
Bug 17108: Polish about:tor appearance
Bug 17568: Clean up tor-control-port.js
Bug 16620: Move window.name handling into a Firefox patch
Bug 17351: Code cleanup
Translation updates
Update Tor Launcher to 0.2.7.8
Bug 18113: Randomly permutate available default bridges of chosen type
Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
Bug 10140: Add new Tor Browser locale (Japanese)
Bug 17428: Remove Flashproxy
Bug 13512: Load a static tab with change notes after an update
Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875)
Bug 15564: Isolate SharedWorkers by first-party domain
Bug 16940: After update, load local change notes
Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313)
Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of #15646)
Bug 17790: Map the proper SHIFT characters to the digit keys (fix of #15646)
Bug 17369: Disable RC4 fallback
Bug 17442: Remove custom updater certificate pinning
Bug 16620: Move window.name handling into a Firefox patch
Bug 17220: Support math symbols in font whitelist
Bug 10599+17305: Include updater and build patches needed for hardened builds
Bug 18115+18104+18071+18091: Update/add new obfs4 bridge
Bug 18072: Change recommended pluggable transport type to obfs4
Bug 18008: Create a new MAR Signing key and bake it into Tor Browser
Bug 16322: Use onion address for DuckDuckGo search engine
Bug 17917: Changelog after update is empty if JS is disabled
Windows
Bug 17250: Add localized font names to font whitelist
Bug 16707: Allow more system fonts to get used on Windows
Bug 13819: Ship expert bundles with console enabled
Bug 17250: Fix broken Japanese fonts
Bug 17870: Add intermediate certificate for authenticode signing
OS X
Bug 17122: Rename Japanese OS X bundle
Bug 16707: Allow more system fonts to get used on OS X
Bug 17661: Whitelist font .Helvetica Neue DeskInterface

Veranderingen voor v5.0.5 - v5.0.6

All Platforms
Bug 17877: Tor Browser 5.0.5 is using the wrong Mozilla build tag
The changes made in 5.0.5 are the following:
All Platforms
Update Firefox to 38.5.0esr
Update Tor to 0.2.7.6
Update OpenSSL to 1.0.1q
Update NoScript to 2.7
Update HTTPS Everywhere to 5.1.1
Update Torbutton to 1.9.3.7
Bug 16990: Avoid matching '250 ' to the end of node name
Bug 17565: Tor fundraising campaign donation banner
Bug 17770: Fix alignments on donation banner
Bug 17792: Include donation banner in some non en-US Tor Browsers
Translation updates
Bug 17207: Hide MIME types and plugins from websites
Bug 16909+17383: Adapt to HTTPS-Everywhere build changes
Bug 16863: Avoid confusing error when loop.enabled is false
Bug 17502: Add a preference for hiding "Open with" on download dialog
Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
Bug 17747: Add ndnop3 as new default obfs4 bridge

Veranderingen voor v5.0.4 - v5.0.5

All Platforms
Update Firefox to 38.5.0esr
Update Tor to 0.2.7.6
Update OpenSSL to 1.0.1q
Update NoScript to 2.7
Update HTTPS Everywhere to 5.1.1
Update Torbutton to 1.9.3.7
Bug 16990: Avoid matching '250 ' to the end of node name
Bug 17565: Tor fundraising campaign donation banner
Bug 17770: Fix alignments on donation banner
Bug 17792: Include donation banner in some non en-US Tor Browsers
Translation updates
Bug 17207: Hide MIME types and plugins from websites
Bug 16909+17383: Adapt to HTTPS-Everywhere build changes
Bug 16863: Avoid confusing error when loop.enabled is false
Bug 17502: Add a preference for hiding "Open with" on download dialog
Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
Bug 16441: Suppress "Reset Tor Browser" prompt
Bug 17747: Add ndnop3 as new default obfs4 bridge

Veranderingen voor v5.0.3 - v5.0.4

All Platforms
Update Firefox to 38.4.0esr
Update NoScript to 2.6.9.39
Update Torbutton to 1.9.3.5
Bug 9623: Spoof Referer when leaving a .onion domain
Bug 16735: about:tor should accommodate different fonts/font sizes
Bug 16937: Don't translate the homepage/spellchecker dictionary string
Bug 17164: Don't show text-select cursor on circuit display
Bug 17351: Remove unused code
Translation updates
Bug 16937: Remove the en-US dictionary from non en-US Tor Browser bundles
Bug 17318: Remove dead ScrambleSuit bridge
Bug 17473: Update meek-amazon fingerprint
Bug 16983: Isolate favicon requests caused by the tab list dropdown
Bug 17102: Don't crash while opening a second Tor Browser
Windows
Bug 16906: Don't depend on Windows crypto DLLs
Linux
Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926)

Veranderingen voor v5.0.2 - v5.0.3

All Platforms
Update Firefox to 38.3.0esr
Update Torbutton to 1.9.3.4
Bug 16887: Update intl.accept_languages value
Bug 15493: Update circuit display on new circuit info
Bug 16797: brandShorterName is missing from brand.properties
Bug 14429: Make sure the automatic resizing is disabled
Translation updates
Bug 7446: Tor Browser should not "fix up" .onion domains (or any domains)
Bug 16837: Disable Firefox Hotfix updates
Bug 16855: Allow blobs to be downloaded on first-party pages (fixes mega.nz)
Bug 16781: Allow saving pdf files in built-in pdf viewer
Bug 16842: Restore Media tab on Page information dialog
Bug 16727: Disable about:healthreport page
Bug 16783: Normalize NoScript default whitelist
Bug 16775: Fix preferences dialog with security slider set to "High"
Bug 13579: Update download progress bar automatically
Bug 15646: Reduce keyboard layout fingerprinting in KeyboardEvent
Bug 17046: Event.timeStamp should not reveal startup time
Bug 16872: Fix warnings when opening about:downloads
Bug 17097: Fix intermittent crashes when using the print dialog
Windows
Bug 16906: Fix Mingw-w64 compilation breakage
OS X
Bug 16910: Update copyright year in OS X bundles

Veranderingen voor v5.0.1 - v5.0.2

All Platforms
Update Firefox to 38.2.1esr
Update NoScript to 2.6.9.36
Linux
Bug 16860: Avoid duplicate icons on Unity and Gnome

Veranderingen voor v5.0 - v5.0.1

This release fixes a crash bug that caused Tor Browser to crash on certain sites (in particular, Google Maps and Tumblr). The crash bug was a NULL pointer dereference while handling blob URIs. The crash was not exploitable.

Veranderingen voor v4.5.3 - v5.0

All Platforms
Update Firefox to 38.2.0esr
Update OpenSSL to 1.0.1p
Update HTTPS-Everywhere to 5.0.7
Update NoScript to 2.6.9.34
Update meek to 0.20
Update Tor to 0.2.6.10 with patches:
Bug 16674: Allow FQDNs ending with a single '.' in our SOCKS host name checks.
Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
Bug 15482: Don't allow circuits to change while a site is in use
Update Torbutton to 1.9.3.2
Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
Bug 16730: Reset NoScript whitelist on upgrade
Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
Bug 16268: Show Tor Browser logo on About page
Bug 16639: Check for Updates menu item can cause update download failure
Bug 15781: Remove the sessionstore filter
Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
Bug 16427: Use internal update URL to block updates (instead of 127.0.0.1)
Bug 16200: Update Cache API usage and prefs for FF38
Bug 16357: Use Mozilla API to wipe permissions db
Bug 14429: Make sure the automatic resizing is disabled
Translation updates
Update Tor Launcher to 0.2.7.7
Bug 16428: Use internal update URL to block updates (instead of 127.0.0.1)
Bug 15145: Visually distinguish "proxy" and "bridge" screens.
Translation updates
Bug 16730: Prevent NoScript from updating the default whitelist
Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
Bug 16884: Prefer IPv6 when supported by the current Tor exit
Bug 16488: Remove "Sign in to Sync" from the browser menu
Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
Bug 15703: Isolate mediasource URIs and media streams to first party
Bug 16429+16416: Isolate blob URIs to first party
Bug 16632: Turn on the background updater and restart prompting
Bug 16528: Prevent indexedDB Modernizr site breakage on Twitter and elsewhere
Bug 16523: Fix in-browser JavaScript debugger
Bug 16236: Windows updater: avoid writing to the registry
Bug 16625: Fully disable network connection prediction
Bug 16495: Fix SVG crash when security level is set to "High"
Bug 13247: Fix meek profile error after bowser restarts
Bug 16005: Relax WebGL minimal mode
Bug 16300: Isolate Broadcast Channels to first party
Bug 16439: Remove Roku screencasting code
Bug 16285: Disabling EME bits
Bug 16206: Enforce certificate pinning
Bug 15910: Disable Gecko Media Plugins for now
Bug 13670: Isolate OCSP requests by first party domain
Bug 16448: Isolate favicon requests by first party
Bug 7561: Disable FTP request caching
Bug 6503: Fix single-word URL bar searching
Bug 15526: ES6 page crashes Tor Browser
Bug 16254: Disable GeoIP-based search results.
Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads.
Bug 13024: Disable DOM Resource Timing API
Bug 16340: Disable User Timing API
Bug 14952: Disable HTTP/2
Bug 1517: Reduce precision of time for Javascript
Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
Bug 16311: Fix navigation timing in ESR 38
Windows
Bug 16014: Staged update fails if meek is enabled
Bug 16269: repeated add-on compatibility check after update (meek enabled)
Mac OS
Use OSX 10.7 SDK
Bug 16253: Tor Browser menu on OS X is broken with ESR 38
Bug 15773: Enable ICU on OS X
Build System
Bug 16351: Upgrade our toolchain to use GCC 5.1
Bug 15772 and child tickets: Update build system for Firefox 38
Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt

Veranderingen voor v5.0a3 - v5.0a4

All Platforms
Update Tor to 0.2.7.2-alpha with patches
Bug 15482: Don't allow circuits to change while a site is in use
Update OpenSSL to 1.0.1p
Update HTTPS-Everywhere to 5.0.7
Update NoScript to 2.6.9.31
Update Torbutton to 1.9.3.1
Bug 16268: Show Tor Browser logo on About page
Bug 16639: Check for Updates menu item can cause update download failure
Bug 15781: Remove the sessionstore filter
Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
Translation updates
Bug 16884: Prefer IPv6 when supported by the current Tor exit
Bug 16488: Remove "Sign in to Sync" from the browser menu
Bug 13313: Bundle a fixed set of fonts to defend against fingerprinting
Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup)
Bug 15703: Isolate mediasource URIs and media streams to first party
Bug 16429+16416: Isolate blob URIs to first party
Bug 16632: Turn on the background updater and restart prompting
Bug 16528: Prevent IndexedDB Modernizr site breakage on Twitter and elsewhere
Bug 16523: Fix in-browser JavaScript debugger
Bug 16236: Windows updater: avoid writing to the registry
Bug 16005: Restrict WebGL minimal mode a bit (fixup)
Bug 16625: Fully disable network connection prediction
Bug 16495: Fix SVG crash when security level is set to "High"
Build System
Bug 15864: Rename sha256sums.txt to sha256sums-unsigned-build.txt

Veranderingen voor v4.5.2 - v4.5.3

All Platforms
Update Firefox to 31.8.0esr
Update OpenSSL to 1.0.1o
Update NoScript to 2.6.9.27
Update Torbutton to 1.9.2.8
Bug 16403: Set search parameters for Disconnect
Bug 14429: Make sure the automatic resizing is disabled
Translation updates
Bug 16397: Fix crash related to disabling SVG
Bug 16403: Set search parameters for Disconnect
Bug 16446: Update FTE bridge #1 fingerprint
Bug 16430: Allow DNS names with _ characters in them (fixes
nytimes.com) (Tor patch backport)

Veranderingen voor v4.5.1 - v4.5.2

All Platforms
Update Tor to 0.2.6.9
Update OpenSSL to 1.0.1n
Update HTTPS-Everywhere to 5.0.5
Update NoScript to 2.6.9.26
Update Torbutton to 1.9.2.6
Bug 15984: Disabling Torbutton breaks the Add-ons Manager
Bug 14429: Make sure the automatic resizing is disabled
Translation updates
Bug 16130: Defend against logjam attack
Bug 15984: Disabling Torbutton breaks the Add-ons Manager

Veranderingen voor v4.5 - v4.5.1

All Platforms
Update Firefox to 31.7.0esr
Update meek to 0.18
Update Tor Launcher to 0.2.7.5
Translation updates only
Update Torbutton to 1.9.2.3
Bug 15837: Show descriptions if unchecking custom mode
Bug 15927: Force update of the NoScript UI when changing security level
Bug 15915: Hide circuit display if it is disabled.
Translation updates
Bug 15945: Disable NoScript's ClearClick protection for now
Bug 15933: Isolate by base (top-level) domain name instead of FQDN
Bug 15857: Fix file descriptor leak in updater that caused update failures
Bug 15899: Fix errors with downloading and displaying PDFs
Windows
Bug 15872: Fix meek pluggable transport startup issue with Windows 7
Build System
Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds

Veranderingen voor v4.0.8 - v4.5

All Platforms
Update Tor to 0.2.6.7 with additional patches:
Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
Update NoScript to 2.6.9.22
Update HTTPS-Everywhere to 5.0.3
Bug 15689: Resume building HTTPS-Everywhere from git tags
Update meek to 0.17
Include obfs4proxy 0.0.5
Use obfs4proxy for obfs2, obfs3, obfs4, and ScrambleSuit bridges
Pluggable Transport Dependency Updates:
Bug 15265: Switch go.net repo to golang.org/x/net
Bug 15448: Use golang 1.4.2 for meek and obs4proxy
Update Tor Launcher to 0.2.7.4. Changes since 0.2.7.0.2 in 4.0.8:
Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
Bug 13576: Don't strip "bridge" from the middle of bridge lines
Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
Bug 14336: Fix navigation button display issues on some wizard panes
Bug 15657: Display the host:port of any connection faiures in bootstrap
Bug 15704: Do not enable network if wizard is opened
Update Torbutton to 1.9.2.2. Changes since 1.7.0.2 in 4.0.8:
Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
Bug 7255: Warn users about maximizing windows
Bug 8400: Prompt for restart if disk records are enabled/disabled.
Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
(Many Circuit UI issues were fixed during 4.5; see release changelogs for those).
Bug 9387: Security Slider 1.0
Include descriptions and tooltip hints for security levels
Notify users that the security slider exists
Make use of new SVG, jar, and MathML prefs
Bug 9442: Add New Circuit button to Torbutton menu
Bug 9906: Warn users before closing all windows and performing new identity.
Bug 10216: Add a pref to disable the local tor control port test
Bug 10280: Strings and pref for preventing plugin initialization.
Bug 11175: Remove "About Torbutton" from onion menu.
Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
Bug 11449: Fix new identity error if NoScript is not enabled
Bug 13019: Change locale spoofing pref to boolean
Bug 13079: Option to skip control port verification
Bug 13406: Stop directing users to download-easy.html.en on update
Bug 13650: Clip initial window height to 1000px
Bugs 13751+13900: Remove SafeCache cache isolation code in favor of C++ patch
Bug 13766: Set a 10 minute circuit lifespan for non-content requests
Bug 13835: Option to change default Tor Browser homepage
Bug 13998: Handle changes in NoScript 2.6.9.8+
Bug 14100: Option to hide NetworkSettings menuitem
Bug 14392: Don't steal input focus in about:tor search box
Bug 14429: Provide automatic window resizing, but disable for now
Bug 14448: Restore Torbutton menu operation on non-English localizations
Bug 14490: Use Disconnect search in about:tor search box
Bug 14630: Hide Torbutton's proxy settings tab.
Bug 14631: Improve profile access error msgs (strings for translation).
Bugs 14632+15334: Display Cookie Protections only if disk records are enabled
Bug 15085: Fix about:tor RTL text alignment problems
Bug 15460: Ensure FTP urls use content-window circuit isolation
Bug 15502: Wipe blob: URIs on New Identity
Bug 15533: Restore default security level when restoring defaults
Bug 15562: Bind SharedWorkers to thirdparty pref
Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
Bug 4100: Raise HTTP Keep-Alive back to 115 second default
Bug 5698: Fix branding in "About Torbrowser" window
Bug 10280: Don't load any plugins into the address space by default
Bug 11236: Fix omnibox order for non-English builds
Also remove Amazon, eBay and bing; add Youtube and Twitter
Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
Bug 12430: Provide a preference to disable remote jar: urls
Bugs 12827+15794: Create preference to disable SVG images (for security slider)
Bug 13019: Prevent Javascript from leaking system locale
Bug 13379: Sign our MAR update files
Bug 13439: No canvas prompt for content callers
Bug 13548: Create preference to disable MathML (for security slider)
Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
Bug 13788: Fix broken meek in 4.5-alpha series
Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
Bug 14392: Make about:tor hide itself from the URL bar
Bug 14490: Make Disconnect the default omnibox search engine
Bug 14631: Improve startup error messages for filesystem permissions issues
Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
Bug 14937: Hard-code meek and flashproxy node fingerprints
Bug 15029: Don't prompt to include missing plugins
Bug 15406: Only include addons in incremental updates if they actually update
Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
Bug 15502: Isolate blob: URI scope to URL domain; block WebWorker access
Bug 15562: Disable Javascript SharedWorkers due to third party tracking
Bug 15757: Disable Mozilla video statistics API extensions
Bug 15758: Disable Device Sensor APIs
Linux
Bug 12468: Only print/write log messages if launched with --debug
Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
Bug 13717: Make sure we use the bash shell on Linux
Bug 15672: Provide desktop app registration+unregistration for Linux
Bug 15747: Improve start-tor-browser argument handling
Windows
Bug 3861: Begin signing Tor Browser for Windows the Windows way
Bug 10761: Fix instances of shutdown crashes
Bug 13169: Don't use /dev/random on Windows for SSP
Bug 14688: Create shortcuts to desktop and start menu by default (optional)
Bug 15201: Disable 'runas Administrator' codepaths in updater
Bug 15539: Make installer exe signatures reproducibly removable
Mac
Bug 10138: Switch to 64bit builds for MacOS
Here is the list of changes since the last 4.5 alpha (4.5a5):
All Platforms
Update Tor to 0.2.6.7 with additional patches:
Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
Update NoScript to 2.6.9.22
Update HTTPS-Everywhere to 5.0.3
Bug 15689: Resume building HTTPS-Everywhere from git tags
Update meek to 0.17
Update obfs4proxy to 0.0.5
Update Tor Launcher to 0.2.7.4
Bug 15704: Do not enable network if wizard is opened
Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
Bug 13576: Don't strip "bridge" from the middle of bridge lines
Bug 15657: Display the host:port of any connection faiures in bootstrap
Update Torbutton to 1.9.2.2
Bug 15562: Bind SharedWorkers to thirdparty pref
Bug 15533: Restore default security level when restoring defaults
Bug 15510: Close Tor Circuit UI control port connections on New Identity
Bug 15472: Make node text black in circuit status UI
Bug 15502: Wipe blob URIs on New Identity
Bug 15795: Some security slider prefs do not trigger custom checkbox
Bug 14429: Disable automatic window resizing for now
Bug 4100: Raise HTTP Keep-Alive back to 115 second default
Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
Bug 15794: Crash on some pages with SVG images if SVG is disabled
Bug 15562: Disable Javascript SharedWorkers due to third party tracking
Bug 15757: Disable Mozilla video statistics API extensions
Bug 15758: Disable Device Sensor APIs
Linux
Bug 15747: Improve start-tor-browser argument handling
Bug 15672: Provide desktop app registration+unregistration for Linux
Windows
Bug 15539: Make installer exe signatures reproducibly removable
Bug 10761: Fix instances of shutdown crashes

Veranderingen voor v4.0.6 - v4.0.8

All Platforms
Bug 15637: Fix update loop due to improper versioning
Update Tor to 0.2.5.12
Update NoScript to 2.6.9.21

Veranderingen voor v4.0.5 - v4.0.6

Contains updates to Firefox, meek, and OpenSSL; it is also the last release planned to run on 32-bit Apple hardware. If you have a 64-bit Mac and are running Mac OS X 10.8, you can expect to be automatically upgraded to Tor Browser 4.5, optimized for your hardware, later this month. If you are running OS X 10.6 or 10.7, however, you will need to update manually once that version of Tor Browser is released, as described in the end-of-life announcement last year.

Veranderingen voor v4.0.4 - v4.0.5

All Platforms
Update Firefox to 31.5.3esr
Update Tor 0.2.5.11
Update NoScript to 2.6.9.19

Veranderingen voor v4.0.3 - v4.0.4

All Platforms
Update Firefox to 31.5.0esr
Update OpenSSL to 1.0.1l
Update NoScript to 2.6.9.15
Update HTTPS-Everywhere to 4.0.3
Bug 14203: Prevent meek from displaying an extra update notification
Bug 14849: Remove new NoScript menu option to make permissions permanent
Bug 14851: Set NoScript pref to disable permanent permissions

Veranderingen voor v4.5-alpha-2 - v4.5-alpha-3

All Platforms
Update Firefox to 31.4.0esr
Update Tor to 0.2.6.2-alpha
Update NoScript to 2.6.9.10
Update HTTPS Everywhere to 5.0developement.2
Update meek to 0.15
Update Torbutton to 1.8.1.3
Bug 13998: Handle changes in NoScript 2.6.9.8+
Bug 14100: Option to hide NetworkSettings menuitem
Bug 13079: Option to skip control port verification
Bug 13835: Option to change default Tor Browser homepage
Bug 11449: Fix new identity error if NoScript is not enabled
Bug 13881: Localize strings for tor circuit display
Bug 9387: Incorporate user feedback
Bug 13671: Fixup for circuit display if bridges are used
Translation updates
Update Tor Launcher 0.2.7.1
Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
Translation updates
Bug 13379: Sign our MAR files
Bug 13788: Fix broken meek in 4.5-alpha series
Bug 13439: No canvas prompt for content callers

Veranderingen voor v4.5-alpha-1 - v4.5-alpha-2

All Platforms
Update Firefox to 31.3.0esr
Update NoScript to 2.6.9.5
Update HTTPS Everywhere to 5.0developement.1
Update Torbutton to 1.8.1.2
Bug 13672: Make circuit display optional
Bug 13671: Make bridges visible on circuit display
Bug 9387: Incorporate user feedback
Bug 13784: Remove third party authentication tokens
Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)

Veranderingen voor v4.0.1 - v4.5-alpha-1

All Platforms
Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
Bug 13019: Make JS engine use English locale if a pref is set by Torbutton
Bug 13301: Prevent extensions incompatibility error after upgrades
Bug 13460: Fix MSVC compilation issue
Bug 13504: Remove stale bridges from default bridge set
Bug 13742: Fix domain isolation for content cache and disk-enabled browsing mode
Update Tor to 0.2.6.1-alpha
Update NoScript to 2.6.9.3
Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
Bug 12903: Include obfs4proxy pluggable transport
Update Torbutton to 1.8.1.1
Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
Bug 13019: Synchronize locale spoofing pref with our Firefox patch
Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
Bug 13651: Prevent circuit-status related UI hang.
Bug 13666: Various circuit status UI fixes
Bug 13742+13751: Remove cache isolation code in favor of direct C++ patch
Bug 13746: Properly update third party isolation pref if disabled from UI
Windows
Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
Bug 13558: Fix crash on Windows XP during download folder changing
Bug 13091: Make app name "Tor Browser" instead of "Tor"
Bug 13594: Fix update failure for Windows XP users
Mac
Bug 10138: Switch to 64bit builds for MacOS

Veranderingen voor v4.0.2 - v4.0.3

All Platforms
Update Firefox to 31.4.0esr
Update NoScript to 2.6.9.10
Update meek to 0.15
Update Tor Launcher to 0.2.7.0.2
Translation updates only

Veranderingen voor v4.0.1 - v4.0.2

All Platforms
Update Firefox to 31.3.0esr
Update NoScript to 2.6.9.5
Update HTTPS Everywhere to 4.0.2
Update Torbutton to 1.7.0.2
Bug 13019: Synchronize locale spoofing pref with our Firefox patch
Bug 13746: Properly link Torbutton UI to thirdparty pref.
Bug 13742: Fix domain isolation for content cache and disk-enabled
browsing mode
Bug 5926: Prevent JS engine locale leaks (by setting the C library
locale)
Bug 13504: Remove unreliable/unreachable non-public bridges
Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)
Windows
Bug 13443: Fix DirectShow-related crash with mingw patch.
Bug 13558: Fix crash on Windows XP during download folder changing
Bug 13594: Fix update failure for Windows XP users

Veranderingen voor v4.0 - v4.0.1

All Platforms
Update Tor to 0.2.5.10
Update NoScript to 2.6.9.3
Bug 13301: Prevent extensions incompatibility error after upgrades
Bug 13460: Fix MSVC compilation issue
Windows
Bug 13443: Disable DirectShow to prevent crashes on many sites
Bug 13091: Make app name "Tor Browser" instead of "Tor"

Veranderingen voor v3.6.6 - v4.0

All Platforms
Update Firefox to 31.2.0esr
Udate fteproxy to 0.2.19
Update Tor to 0.2.5.8-rc (from 0.2.4.24)
Update NoScript to 2.6.9.1
Update Torbutton to 1.7.0.1 (from 1.6.12.3)
Bug 13378: Prevent addon reordering in toolbars on first-run.
Bug 10751: Adapt Torbutton to ESR31's Australis UI.
Bug 13138: ESR31-about:tor shows "Tor is not working"
Bug 12947: Adapt session storage blocker to ESR 31.
Bug 10716: Take care of drag/drop events in ESR 31.
Bug 13366: Fix cert exemption dialog when disk storage is enabled.
Update Tor Launcher to 0.2.7.0.1 (from 0.2.5.6)
Bug 11405: Remove firewall prompt from wizard.
Bug 12895: Mention @riseup.net as a valid bridge request email address
Bug 12444: Provide feedback when “Copy Tor Log” is clicked.
Bug 11199: Improve error messages if Tor exits unexpectedly
Bug 12451: Add option to hide TBB's logo
Bug 11193: Change "Tor Browser Bundle" to "Tor Browser"
Bug 11471: Ensure text fits the initial configuration dialog
Bug 9516: Send Tor Launcher log messages to Browser Console
Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
Bug 13016: Hide CSS -moz-osx-font-smoothing values.
Bug 13356: Meek and other symlinks missing after complete update.
Bug 13025: Spoof screen orientation to landscape-primary.
Bug 13346: Disable Firefox "slow to start" warnings and recordkeeping.
Bug 13318: Minimize number of buttons on the browser toolbar.
Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
Bug 13023: Disable the gamepad API.
Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
Bug 13186: Disable DOM Performance timers
Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
Bug 4234: Automatic Update support (off by default)
Bug 11641: Reorganize bundle directory structure to mimic Firefox
Bug 10819: Create a preference to enable/disable third party isolation
Bug 13416: Defend against new SSLv3 attack (poodle).
Windows:
Bug 10065: Enable DEP, ASLR, and SSP hardening options
Linux:
Bug 13031: Add full RELRO hardening protection.
Bug 10178: Make it easier to set an alternate Tor control port and password
Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
Bug 12249: Don't create PT debug files anymore

Veranderingen voor v3.6.5 - v3.6.6

Update Tor to tor-0.2.4.24
Update Firefox to 24.8.1esr
Update NoScript to 2.6.8.42
Update HTTPS Everywhere to 4.0.1
Bug 12998: Prevent intermediate certs from being written to disk
Update Torbutton to 1.6.12.3
Bug 13091: Use "Tor Browser" everywhere
Bug 10804: Workaround fix for some cases of startup hang

Veranderingen voor v3.6.3 - v3.6.4

Not yet ....

Veranderingen voor v3.6.2 - v3.6.3

Update Firefox to 24.7.0esr
Update obfsproxy to 0.2.12
Update FTE to 0.2.17
Update NoScript to 2.6.8.33
Update HTTPS Everywhere to 3.5.3
Bug 12673: Update FTE bridges
Update Torbutton to 1.6.11.0
Bug 12221: Remove obsolete Javascript components from the toggle era
Bug 10819: Bind new third party isolation pref to Torbutton security UI
Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.

Veranderingen voor v3.6.1 - v3.6.2

All Platforms
Update Firefox to 24.6.0esr
Update OpenSSL to 1.0.1h
Update NoScript to 2.6.8.28
Update Tor to 0.2.4.22
Update Tor Launcher to 0.2.5.5
Bug 10425: Provide geoip6 file location to Tor process
Bug 11754: Remove untranslated locales that were dropped from Transifex
Bug 11772: Set Proxy Type menu correctly after restart
Bug 11699: Change &#160 to in UI elements
Update Torbutton to 1.6.10.0
Bug 11510: about:tor should not report success if tor proxy is unreachable
Bug 11783: Avoid b.webProgress error when double-clicking on New Identity
Bug 11722: Add hidden pref to force remote Tor check
Bug 11763: Fix pref dialog double-click race that caused settings to be reset
Bug 11629: Support proxies with Pluggable Transports
Updates FTEProxy to 0.2.15
Updates obfsproxy to 0.2.9
Backported Tor Patches:
Bug 11654: Fix malformed log message in bug11156 patch.
Bug 10425: Add in Tor's geoip6 files to the bundle distribution
Bugs 11834 and 11835: Include Pluggable Transport documentation
Bug 9701: Prevent ClipBoardCache from writing to disk.
Bug 12146: Make the CONNECT Host header the same as the Request-URI.
Bug 12212: Disable deprecated webaudio API
Bug 11253: Turn on TLS 1.1 and 1.2.
Bug 11817: Don't send startup time information to Mozilla.

Veranderingen voor v3.6 - v3.6.1

All Platforms
Update HTTPS-Everywhere to 3.5.1
Update NoScript to 2.6.8.22
Bug 11658: Fix proxy configuration for non-Pluggable Transports users
Backport Pending Tor Patches:
Bug 8402: Allow Tor proxy configuration while PTs are present
Note: The Pluggable Transports themselves have not been updated to support proxy configuration yet.

Veranderingen voor v3.5.4 - v3.6

All Platforms
Update Firefox to 24.5.0esr
Include Pluggable Transports by default:
Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.13 are now included
Bug 11586: Include license files for component software in Docs directory.
Bug 9010: Add Turkish language support.
Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
Update NoScript to 2.6.8.20
Update Tor Launcher to 0.2.5.4
Bug 9665: Localize Tor's unreachable bridges bootstrap error
Bug 10418: Provide UI configuration for Pluggable Transports
Bug 10604: Allow Tor status & error messages to be translated
Bug 10894: Make bridge UI clear that helpdesk is a last resort for bridges
Bug 10610: Clarify wizard UI text describing obstacles/blocking
Bug 11074: Support Tails use case (XULRunner and optional customizations)
Bug 11482: Hide bridge settings prompt if no default bridges.
Bug 11484: Show help button even if no default bridges.
Update Torbutton to 1.6.9.0:
Bug 11242: Fix improper "update needed" message after in-place upgrade.
Bug 10398: Ease translation of about:tor page elements
Bug 9901: Fix browser freeze due to content type sniffing
Bug 10611: Add Swedish (sv) to extra locales to update
Bug 7439: Improve download warning dialog text.
Bug 11384: Completely remove hidden toggle menu item.
Backport Pending Tor Patches:
Bug 9665: Report a bootstrap error if all bridges are unreachable
Bug 11200: Prevent spurious error message prior to enabling network.
Bug 5018: Don't launch Pluggable Transport helpers if not in use
Bug 9229: Eliminate 60 second stall during bootstrap with some PTs
Bug 11069: Detect and report Pluggable Transport bootstrap failures
Bug 11156: Prevent spurious warning about missing pluggable transports
Mac:
Bug 4261: Use DMG instead of ZIP for Mac packages
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows
Linux:
Bug 11190: Switch linux PT build process to python2
Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds.
Windows:
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows
Here is the changelog since the 3.6-beta-2:
All Platforms
Update Firefox to 24.5.0esr
Update Tor Launcher to 0.2.5.4
Bug 11482: Hide bridge settings prompt if no default bridges.
Bug 11484: Show help button even if no default bridges.
Update Torbutton to 1.6.9.0
Bug 7439: Improve download warning dialog text.
Bug 11384: Completely remove hidden toggle menu item.
Update NoScript to 2.6.8.20
Update fte transport to 0.2.13
Backport Pending Tor Patches:
Bug 11156: Additional obfsproxy startup error message fixes
Bug 11586: Include license files for component software in Docs directory.
Windows and Mac:
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows builds

Veranderingen voor v3.6 beta 1 - v3.6 beta 2

All Platforms
Update OpenSSL to 1.0.1g
Bug 9010: Add Turkish language support.
Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
Update fte transport to 0.2.12
Update NoScript to 2.6.8.19
Update Torbutton to 1.6.8.1
Bug 11242: Fix improper "update needed" message after in-place upgrade.
Bug 10398: Ease translation of about:tor page elements
Update Tor Launcher to 0.2.5.3
Bug 9665: Localize Tor's unreachable bridges bootstrap error
Backport Pending Tor Patches:
Bug 9665: Report a bootstrap error if all bridges are unreachable
Bug 11200: Prevent spurious error message prior to enabling network.
Linux:
Bug 11190: Switch linux PT build process to python2
Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds.
Windows:
Bug 11286: Fix fte transport launch error

Veranderingen voor v3.5.2.1 - v3.6 beta 1

All Platforms
Update Firefox to 24.4.0esr
Include Pluggable Transports by default:
Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.6 are now included
Update Tor Launcher to 0.2.5.1
Bug 10418: Provide UI configuration for Pluggable Transports
Bug 10604: Allow Tor status & error messages to be translated
Bug 10894: Make bridge UI clear that helpdesk is a last resort for
bridges
Bug 10610: Clarify wizard UI text describing obstacles/blocking
Bug 11074: Support Tails use case (XULRunner and optional
customizations)
Update Torbutton to 1.6.7.0:
Bug 9901: Fix browser freeze due to content type sniffing
Bug 10611: Add Swedish (sv) to extra locales to update
Update NoScript to 2.6.8.17
Update Tor to 0.2.4.21
Backport Pending Tor Patches:
Bug 5018: Don't launch Pluggable Transport helpers if not in use
Bug 9229: Eliminate 60 second stall during bootstrap with some PTs
Bug 11069: Detect and report Pluggable Transport bootstrap failures
Bug 11156: Prevent spurious warning about missing pluggable transports
Bug 10237: Disable the media cache to prevent disk leaks for videos
Bug 10703: Force the default charset to avoid locale fingerprinting
Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
Mac:
Bug 4271: Use DMG instead of ZIP for Mac packages
Linux:
Bug 9533: Fix keyboard input on Ubuntu 13.10
Bug 9896: Provide debug symbols for Tor Browser binary
Bug 10472: Pass arguments to the browser from Linux startup script

Veranderingen voor v3.5.3 - v3.5.4

Update OpenSSL to 1.0.1g

Veranderingen voor v3.5.2.1 - v3.5.3

All Platforms
Update Firefox to 24.4.0esr
Update Torbutton to 1.6.7.0:
Bug 9901: Fix browser freeze due to content type sniffing
Bug 10611: Add Swedish (sv) to extra locales to update
Update NoScript to 2.6.8.17
Update Tor to 0.2.4.21
Bug 10237: Disable the media cache to prevent disk leaks for videos
Bug 10703: Force the default charset to avoid locale fingerprinting
Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)

Veranderingen voor v3.5.2 - v3.5.2.1

* All Platforms
3 * Bug 10895: Fix broken localized bundles
4 * Windows:
5 * Bug 10323: Remove unneeded gcc/libstdc++ libraries from dist

Veranderingen voor v3.5.1 - v3.5.2

Rebase Tor Browser to Firefox 24.3.0ESR
Bug 10800: Prevent findbox exception and popup in New Identity
Bug 10640: Fix about:tor's update pointer position for RTL languages.
Bug 10095: Fix some cases where resolution is not a multiple of 200x100
Bug 10285: Clear site permissions on New Identity
Bug 9738: Fix for auto-maximizing on browser start
Bug 10682: Workaround to really disable updates for Torbutton
Bug 10419: Don't allow connections to localhost if Torbutton is toggled
Bug 10140: Move Japanese to extra locales (not part of TBB dist)
Bug 10687: Add Basque (eu) to extra locales (not part of TBB dist)
Update Tor Launcher to 0.2.4.4
Bug 10682: Workaround to really disable updates for Tor Launcher
Update NoScript to 2.6.8.13

Veranderingen voor v3.5 rc1 - v3.5

Update Tor to 0.2.4.19
* Update Tor Launcher to 0.2.4.2
* Bug 10382: Fix a Tor Launcher hang on TBB exit
* Update Torbutton to 1.6.5.2
* Misc: Switch update download URL back to download-easy

Veranderingen voor v2.3.25-13 - v2.3.25-14

Update Firefox to 17.0.10esr
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
Update LibPNG to 1.6.6
Update NoScript to 2.6.8.4
Update HTTPS-Everywhere to 3.4.2
Firefox patch changes:
Hide infobar for missing plugins. (closes: #9012)
Change the default entry page for the addons tab to the installed addons page. (closes: #8364)
Make flash objects really be click-to-play if flash is enabled. (closes: #9867)
Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API. (closes: #3661)
Remove polipo and privoxy from the banned ports list. (closes: #3661)
misc: Fix a potential memory leak in the Image Cache isolation
misc: Fix a potential crash if OS theme information is ever absent

Veranderingen voor v0.2.3.25-10 - v2.3.25-11

Update Firefox to 17.0.8esr
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
Update HTTPS Everywhere to 3.3.1
Update NoScript to 2.6.7
Update LibPNG to 1.6.3

Veranderingen voor v2.3.25-8 - v0.2.3.25-10

* Update Firefox to 17.0.7esr
* Update zlib to 1.2.8
* Update HTTPS Everywhere to 3.2.2
* Update NoScript to 2.6.6.6

Veranderingen voor v2.3.25-6 - v2.3.25-8

Update Firefox to 17.0.6esr
Update HTTPS Everywhere to 3.2
Update Torbutton to 1.5.2
Update libpng to 1.5.15
Update NoScript to 2.6.6.1
Firefox patch changes:
Apply font limits to @font-face local() fonts and disable fallback
rendering for @font-face. (closes: #8455)
Use Optimistic Data SOCKS handshake (improves page load performance).
(closes: #3875)
Honor the Windows theme for inverse text colors (without leaking those
colors to content). (closes: #7920)
Increase pipeline randomization and try harder to batch pipelined
requests together. (closes: #8470)
Fix an image cache isolation domain key misusage. May fix several image
cache related crash bugs with New Identity, exit, and certain websites.
(closes: #8628)
Torbutton changes:
Allow session restore if the user allows disk actvity (closes: #8457)
Remove the Display Settings panel and associated locales (closes: #8301)
Fix "Transparent Torification" option. (closes: #6566)
Fix a hang on New Identity. (closes: #8642)
Build changes:
Fetch our source deps from an https mirror (closes: #8286)
Create watch scripts for syncing mirror sources and monitoring mirror
integrity (closes: #8338)

Veranderingen voor v2.3.25-4 - v2.3.25-5

Update Firefox to 17.0.4esr
Update NoScript to 2.6.5.8
Update HTTPS Everywhere to 3.1.4
Fix non-English language bundles to have the correct branding
Firefox patch changes:
Remove "This plugin is disabled" barrier
This improves the user experience for HTML5 Youtube videos:
They "silently" attempt to load flash first, which was not so silent
with this barrier in place.
Disable NoScript's HTML5 media click-to-play barrier
Fix a New Identity hang and/or crash condition
Fix crash with Drag + Drop on Windows
Torbutton changes:
Fix Drag+Drop crash by using a new TBB drag observer
Fix XML/E4X errors with Cookie Protections
Don't clear cookies at shutdown if user wants disk history
Leave IndexedDB and Offline Storage disabled.
Clear DOM localStorage on New Identity.
Don't strip "third party" HTTP auth from favicons
Localize the "Spoof english" button strings
Ask user for confirmation before enabling plugins
Emit private browsing session clearing event on "New Identity"

Veranderingen voor v2.3.25-2 - v2.3.25-4

Update Firefox to 17.0.3esr
Downgrade OpenSSL to 1.0.0k
Update libpng to 1.5.14
Update NoScript to 2.6.5.7
Firefox patch changes:
Exempt remote @font-face fonts from font limits (and prefer them).
(closes: #8270)
Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
they should not count towards our CSS font count limits. Moreover,
if a CSS font-family rule lists any remote fonts, those fonts are
preferred over the local fonts, so we do not reduce the font count
for that rule.
This vastly improves rendering and typography for many websites.
Disable WebRTC in Firefox build options. (closes: #8178)
WebRTC isn't slated to be enabled until Firefox 18, but the code
was getting compiled in already and is capable of creating UDP Sockets
and bypassing Tor. We disable it from build as a safety measure.
Move prefs.js into omni.ja and extension-overrides. (closes: #3944)
This causes our browser pref changes to appear as defaults. It also
means that future updates of TBB should preserve user pref settings.
Fix a use-after-free that caused crashing on MacOS (closes: #8234)
Eliminate several redundant, useless, and deprecated Firefox pref settings
Report Firefox 17.0 as the Tor Browser user agent
Use Firefox's click-to-play barrier for plugins instead of NoScript
Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
This fixes a SOCKS race condition with our SOCKS autoport configuration
and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
settings per URL now, which resulted in a proxy error for
check.torproject.org if we lost the race.
Torbutton was updated to 1.5.0. The following issues were fixed:
Remove old toggle observers and related code (closes: #5279)
Simplify Security Preference UI and associated pref updates (closes: #3100)
Eliminate redundancy in our Flash/plugin disabling code (closes: #7470)
Leave most preferences under Tor Browser's control (closes: #3944)
Disable toggle-on-startup and crash detection logic (closes: #7974)
Disable/remove toggle-mode code and related observers (closes: #5379)
Add menu hint to Torbutton icon (closes: #6431)
Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
Perform version check every time there's a new tab. (closes: #6096)
Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
misc: Allow WebGL and DOM storage.
misc: Disable independent Torbutton updates
misc: Change the recommended SOCKSPort to 9150 (to match TBB)
The following Firefox patch changes are also included in this release:
Isolate image cache to url bar domain (closes: #5742 and #6539)
Enable DOM storage and isolate it to url bar domain (closes: #6564)
Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
Misc preference changes:
Disable DOM performance timers (dom.enable_performance) (closes: #6204)
Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)

Veranderingen voor v2.3.25-1 - v2.3.25-2

Update Firefox to 10.0.12esr
Update Libevent to 2.0.21-stable
Update HTTPS Everywhere to 3.1.2
Update NoScript to 2.6.4.2

Veranderingen voor v2.2.39-5 - v2.3.25-1

Update Tor to 0.2.3.25
Update Firefox 10.0.11esr
Update Vidalia to 0.2.21
Update NoScript to 2.6.2

Veranderingen voor v2.2.39-4 - v2.2.39-5

Update Firefox to 10.0.10esr
Update NoScript to 2.5.9

Veranderingen voor v2.2.39-3 - v2.2.39-4

Update Firefox patches to prevent crashing (closes: #7128)
Update HTTPS Everywhere to 3.0.2
Update NoScript to 2.5.8

Veranderingen voor v2.2.39-1 - v2.2.39-3

Update Firefox to 10.0.9esr
Update Torbutton to 1.4.6.3
Update NoScript to 2.5.7
Update HTTPS Everywhere to 2.2.2
Update libpng to 1.5.13

Veranderingen voor v2.2.38-2 - v2.2.39-1

Update Tor to 0.2.2.39
Update NoScript to 2.5.4

Veranderingen voor v2.2.38-1 - v2.2.38-2

Update Firefox to 10.0.7esr
Update Libevent to 2.0.20-stable
Update NoScript to 2.5.2
Update HTTPS Everywhere to 2.2.1

Veranderingen voor v2.2.37-2 - v2.2.38-1

Update Tor to 0.2.2.38
Update NoScript to 2.5
Update HTTPS Everywhere to 2.1

Veranderingen voor v2.2.37-2 - v2.3.20 alpha 1

Update Tor to 0.2.3.20-rc
Update NoScript to 2.5
Change the urlbar search engine to Startpage
Firefox patch updates:
Fix the Tor Browser SIGFPE crash bug
Add a redirect API for HTTPS-Everywhere
Enable WebGL (as click-to-play only)

Veranderingen voor v2.2.35-11 - v2.2.35-12

Update OpenSSL to 1.0.1c
Update Libevent to 2.0.19-stable
Update zlib to 1.2.7
Update NoScript to 2.4.1

Veranderingen voor v2.2.35-9 - v2.2.35-11

Security release to stop TorBrowser from bypassing SOCKS proxy DNS configuration
New Firefox patches:
Prevent WebSocket DNS leak (closes: #5741)
Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715)
Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722)
Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc

Veranderingen voor v2.2.35-8 - v2.2.35-9

Update Firefox to 12.0
Update OpenSSL to 1.0.1b
Update Libevent to 2.0.18-stable
Update Qt to 4.8.1
Update Libpng to 1.5.10
Update HTTPS Everywhere to 2.0.2
Update NoScript to 2.3.9
Rebrand Firefox to TorBrowser (closes: #2176)
New Firefox patches
Make Download Manager memory-only (closes: #4017)
Add DuckDuckGo and Startpage to Omnibox (closes: #4902)
Add Steven Michaud's OS X crash fix patch. It doesn't fix #5021 but will hopefully help us debug further. See also:
https://bugzilla.mozilla.org/show_bug.cgi?id=715885#c35
Make the 32-bit Tor Browser Bundle compatible with OS X 10.5

Veranderingen voor v2.2.35-7.1 - v2.2.35-8

Update Firefox to 11.0
Update OpenSSL to 1.0.0h
Update NoScript to 2.3.4
Update HTTPS Everywhere to 2.0.1
Always build to with warnings enabled (closes: #4470)
Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
Windows
Remove tor-resolve from the Windows bundle (closes: #5403)
Mac OS X
Give OS X users below 10.5 an incompatibility message (closes: #4356)
Linux
Don't attempt to load the default KDE 4 theme from Vidalia, because that fails when the Qt versions don't match (closes: #5214)

Veranderingen voor v2.3.25-2 - v2.3.25-3

Update OpenSSL to 1.0.1d
Update HTTPS Everywhere to 3.1.3
Update NoScript to 2.6.4.4

<<Terug naar software beschrijving

Top downloads

Laatste toevoegingen

Meer laatste toevoegingen

Versie historie van Tor Browser Bundle

Top downloads

Laatste toevoegingen

Help ons

Sections:

Follow us: