The sixth pointfix release of the Tor Browser 3.6 series is available from
the Tor Browser Project page and also from our distribution directory:
https://www.torproject.org/download/download-easy.htmlhttps://www.torproject.org/dist/torbrowser/3.6.6/
This release features important security updates to Firefox:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fireā¦
Here is the complete changelog for 3.6.6:
All Platforms
Update Tor to tor-0.2.4.24
Update Firefox to 24.8.1esr
Update NoScript to 2.6.8.42
Update HTTPS Everywhere to 4.0.1
Bug 12998: Prevent intermediate certs from being written to disk
Update Torbutton to 1.6.12.3
Bug 13091: Use "Tor Browser" everywhere
Bug 10804: Workaround fix for some cases of startup hang
Linux
Bug 9150: Make RPATH unavailable on Tor binary.
-----------------------------------------------------------------------
Tor 0.2.4.24 fixes a bug that affects consistency and speed when
connecting to hidden services, and it updates the location of one of
the directory authorities.
Changes in version 0.2.4.24 - 2014-09-22
o Major bugfixes:
- Clients now send the correct address for their chosen rendezvous
point when trying to access a hidden service. They used to send
the wrong address, which would still work some of the time because
they also sent the identity digest of the rendezvous point, and if
the hidden service happened to try connecting to the rendezvous
point from a relay that already had a connection open to it,
the relay would reuse that connection. Now connections to hidden
services should be more robust and faster. Also, this bug meant
that clients were leaking to the hidden service whether they were
on a little-endian (common) or big-endian (rare) system, which for
some users might have reduced their anonymity. Fixes bug 13151;
bugfix on 0.2.1.5-alpha.
o Directory authority changes:
- Change IP address for gabelmoo (v3 directory authority).
o Minor features (geoip):
- Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
Country database.
