[tor-qa] Tor Browser 4.0a2 is ready for testing

Tom Ritter tom at ritter.vg
Mon Sep 1 16:24:14 UTC 2014 

Testing: torbrowser-install-4.0-alpha-2_en-US.exe
Platform: Windows 7

TBB Launches successfully: yes
Connects to the Tor network: yes

All extensions are present and functional: yes
 - HTTPS-Everywhere 5.0development.0
 - NoScript 2.6.8.39
 - TorButton 1.6.12.1

WebBrowsing works as expected
 - HTTP, HTTPS, .onion browsing works
 - HTML5 videos work (http://videojs.com/)
 - https://panopticlick.eff.org/ - unique among 3,658, 11.84 bits of
identifying information



I see ASLR on all loaded dll's in firefox.exe and tor.exe using
Process Explorer. (whoo!)
I see 'DEP (permanent) on the process.

-tom



On 1 September 2014 10:14, Georg Koppen <gk at torproject.org> wrote:
> Hi,
>
> Tor Browser 4.0a2 is ready for testing and is planned for getting
> released on September 2. It contains a bunch of new things, above all an
> update to Firefox 24.8.0esr, the auto-updater code, better hardening for
> Windows and Linux builds and improvements with respect to our canvas
> extraction prompt.
>
> The builds are found on
> https://people.torproject.org/~mikeperry/builds/4.0-alpha-2/
>
> The full changelog is:
>
>  * All Platforms
>    * Update Firefox to 24.8.0esr
>    * Update NoScript to 2.6.8.39
>    * Update Tor Launcher to 0.2.7.0
>      * Bug 11405: Remove firewall prompt from wizard.
>      * Bug 12895: Mention @riseup.net as a valid bridge request email
> address
>      * Bug 12444: Provide feedback when "Copy Tor Log" is clicked.
>      * Bug 11199: Improve error messages if Tor exits unexpectedly
>    * Update Torbutton to 1.6.12.1
>      * Bug 12684: New strings for canvas image extraction message
>      * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
>    * Bug 12684: Improve Canvas image extraction permissions prompt
>    * Bug 7265: Only prompt for first party canvas access. Log all scripts
>                that attempt to extract canvas images to Browser console.
>    * Bug 12974: Disable NTLM and Negotiate HTTP Auth
>    * Bug 2874: Remove Components.* from content access (regression)
>    * Bug 4234: Automatic Update support (off by default)
>    * Bug 9881: Open popups in new tabs by default
>    * Meek Pluggable Transport:
>      * Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with
> Firefox 24
>  * Windows:
>    * Bug 10065: Enable DEP, ASLR, and SSP hardening options
>  * Linux:
>    * Bug 12103: Adding RELRO hardening back to browser binaries.
>
> Georg
>
>
> _______________________________________________
> tor-qa mailing list
> tor-qa at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
>

More information about the tor-qa mailing list