[tor-announce] New Release: Tor Browser 11.5.5 (Android, Windows, macOS, Linux)
Richard Pospesel
richard at torproject.org
Tue Oct 25 17:19:40 UTC 2022
Tor Browser 11.5.5 is now available from the Tor Browser download page and also
from our distribution directory.
Tor Browser 11.5.5 backports the following security updates from Firefox ESR
102.4 to to Firefox ESR 91.13 on Windows, macOS and Linux:
CVE-2022-40674: libexpat before 2.4.9 has a use-after-free in the doContent
function in xmlparse.c
CVE-2022-42927: Same-origin policy violation could have leaked cross-origin
URLs
CVE-2022-42928: Memory Corruption in JS Engine
CVE-2022-42929: Denial of Service via window.print
CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4
Tor Browser 11.5.5 updates GeckoView on Android to 102.4.0esr and includes
important security updates. There were no Android-specific security updates to
backport from the Firefox 106 release.
The full changelog since Tor Browser 11.5.4 is:
All Platforms
Update Translations
Bug tor-browser-build#40649: Update meek default bridge
Bug tor-browser-build#40654: Enable uTLS and use the full bridge line
for snowflake
Windows + macOS + Linux
Update Manual
Bug tor-browser#40465: Onion Authentication fails when connecting to a
subdomain
Bug tor-browser#41355: Amends to YEC 2022 Takeover Desktop Stable 11.5.5
Bug tor-browser#41359: Backport ESR 102.4 security fixes to 91.13-based
Tor Browser
Bug tor-browser#41364: Continued amends to YEC 2022 Takeover Desktop
Stable 11.5.5
Android
Bug tor-browser-build#40650: Rebase geckoview-102.3.0esr-11.5-1 to ESR
102.4
Bug tor-browser#41360: Backport Android-specific Firefox 106 to ESR
102.4-based Tor Browser
Bug tor-browser#41365: Amends to YEC 2022 Takeover on Android
Build
Windows + macOS + Linux
Update Go to 1.18.7
Bug tor-browser-build#40464: go 1.18 fails to build on macOS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xDE47360363F34B2C.asc
Type: application/pgp-keys
Size: 8030 bytes
Desc: OpenPGP public key
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20221025/7ee3435d/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20221025/7ee3435d/attachment.sig>
More information about the tor-announce
mailing list