Tor Browser 8.5.3 is now available from the Tor Browser Download page [1]
and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/8.5.3/
This release includes an important security update [3] in Firefox, a
sandbox escape bug, which combined with additional vulnerabilities could
result in executing arbitrary code on the user's computer.
3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
Note: As part of our team is currently traveling to an event, we are
unable to access our Android signing token, therefore the Android
release is not yet available. We expect to be able to publish the
Android release this weekend. In the meantime, Android users should use
the safer or safest security levels. The security level on Android can
be changed by going in the menu on the right of the URL bar and selecting
Security Settings.
The full changelog since Tor Browser 8.5.2 is:
* All platforms
* Pick up fix for Mozilla's bug 1560192
Tor Browser 8.5.2 is now available from the Tor Browser Download page [1]
and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/8.5.2/
This release is fixing a critical security update [3] in Firefox. In
addition we update NoScript to 10.6.3, fixing a few issues.
3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/
Users of the safer and safest security levels were not affected by this
security issue.
Note: As part of our team is currently traveling to an event, we are
unable to access our Android signing token, therefore the Android
release is not yet available. We expect to be able to publish the Android
release this weekend. In the meantime, Android users should use the
safer or safest security levels. The security level on Android can be
changed by going in the menu on the right of the URL bar and selecting
Security Settings.
The full changelog since Tor Browser 8.5.1 is:
* All platforms
* Pick up fix for Mozilla's bug 1544386
* Update NoScript to 10.6.3
* Bug 29904: NoScript blocks MP4 on higher security levels
* Bug 30624+29043+29647: Prevent XSS protection from freezing the browser
Tor Browser 8.5.1 is now available from the Tor Browser Download page [1]
and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/8.5.1/
Tor Browser 8.5.1 is the first bugfix release in the 8.5 series and aims
at mostly fixing regressions and providing small improvements related
to our 8.5 release. Additionally, we disable the WebGL readPixel()
fingerprinting vector [4], realizing, though, that we need a more
holistic approach when trying to deal with the fingerprinting potential
WebGL comes with.
4: https://trac.torproject.org/projects/tor/ticket/30541
The full changelog since Tor Browser 8.5 is:
* All platforms
* Update Torbutton to 2.1.10
* Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
* Bug 30464: Add WebGL to safer descriptions
* Translations update
* Update NoScript to 10.6.2
* Bug 29969: Remove workaround for Mozilla's bug 1532530
* Update HTTPS Everywhere to 2019.5.13
* Bug 30541: Disable WebGL readPixel() for web content
* Windows + OS X + Linux
* Bug 30560: Better match actual toolbar in onboarding toolbar graphic
* Android
* Bug 30635: Sync mobile default bridges list with desktop one
* Build System
* All platforms
* Bug 30480: Check that signed tag contains expected tag name
