June 2019 - tor-announce - lists.torproject.org

Tor Browser 8.5.3 is released
by Nicolas Vigier 21 Jun '19

21 Jun '19

Tor Browser 8.5.3 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/8.5.3/ This release includes an important security update [3] in Firefox, a sandbox escape bug, which combined with additional vulnerabilities could result in executing arbitrary code on the user's computer. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/ Note: As part of our team is currently traveling to an event, we are unable to access our Android signing token, therefore the Android release is not yet available. We expect to be able to publish the Android release this weekend. In the meantime, Android users should use the safer or safest security levels. The security level on Android can be changed by going in the menu on the right of the URL bar and selecting Security Settings. The full changelog since Tor Browser 8.5.2 is: * All platforms * Pick up fix for Mozilla's bug 1560192

1 0

Tor Browser 8.5.2 is released
by Nicolas Vigier 20 Jun '19

20 Jun '19

Tor Browser 8.5.2 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/8.5.2/ This release is fixing a critical security update [3] in Firefox. In addition we update NoScript to 10.6.3, fixing a few issues. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/ Users of the safer and safest security levels were not affected by this security issue. Note: As part of our team is currently traveling to an event, we are unable to access our Android signing token, therefore the Android release is not yet available. We expect to be able to publish the Android release this weekend. In the meantime, Android users should use the safer or safest security levels. The security level on Android can be changed by going in the menu on the right of the URL bar and selecting Security Settings. The full changelog since Tor Browser 8.5.1 is: * All platforms * Pick up fix for Mozilla's bug 1544386 * Update NoScript to 10.6.3 * Bug 29904: NoScript blocks MP4 on higher security levels * Bug 30624+29043+29647: Prevent XSS protection from freezing the browser

1 0

Tor Browser 8.5.1 is released
by Nicolas Vigier 05 Jun '19

05 Jun '19

Tor Browser 8.5.1 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/8.5.1/ Tor Browser 8.5.1 is the first bugfix release in the 8.5 series and aims at mostly fixing regressions and providing small improvements related to our 8.5 release. Additionally, we disable the WebGL readPixel() fingerprinting vector [4], realizing, though, that we need a more holistic approach when trying to deal with the fingerprinting potential WebGL comes with. 4: https://trac.torproject.org/projects/tor/ticket/30541 The full changelog since Tor Browser 8.5 is: * All platforms * Update Torbutton to 2.1.10 * Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup * Bug 30464: Add WebGL to safer descriptions * Translations update * Update NoScript to 10.6.2 * Bug 29969: Remove workaround for Mozilla's bug 1532530 * Update HTTPS Everywhere to 2019.5.13 * Bug 30541: Disable WebGL readPixel() for web content * Windows + OS X + Linux * Bug 30560: Better match actual toolbar in onboarding toolbar graphic * Android * Bug 30635: Sync mobile default bridges list with desktop one * Build System * All platforms * Bug 30480: Check that signed tag contains expected tag name

1 0