[tor-reports] November 2015 Report for the Tor Browser Team

Mike Perry mikeperry at torproject.org
Wed Dec 2 23:31:32 UTC 2015


In November, the Tor Browser team made 3 releases: 5.0.4[1], 5.5a4[2],
and 5.5a4-hardened[3].

The 5.0.4 stable release featured a fix to prevent Tor Browser from
transmitting referers for .onion domains[4], removed some old Torbutton
code[5], some minor UI cleanups[6,7], and fingerprinting[8] and
internationalization fixes[9].

In the 5.5a4 release, we additionally transferred some Torbutton
functionality to direct C++ patches[10], added an additional
fingerprinting defense[11], and deployed additional internationalization
fixes[12,13,14].

The 5.5a4-hardened release is identical to 5.5a4, except that it is
built with Address Sanitizer[15] enabled, which should raise the bar for
many types of exploits, as well as help us identify memory issues
earlier. This series additionally features a unified bundling of all
locales[16], which we are experimenting with as an option for getting
Tor Browser into censored users' hands more easily. The release is
significantly larger as a result, but it will be logistically simpler to
get only one package through things like GetTor and Satori rather than
several.

The full list of tickets closed by the Tor Browser team in October can
be seen using the TorBrowserTeam201511 tag on our bug tracker[17].


In December, we will be communicating with Mozilla about our API needs
for post-sandboxing/Firefox 45ESR[18], and continuing to refine the font
defense in the alpha series. We are still working on the MacOS signing
issue, as well.

The full list of tickets the Tor Browser team plans to work on in
December can be seen with the TorBrowserTeam201512 tag on our bug
tracker[19].

1. https://blog.torproject.org/blog/tor-browser-504-released
2. https://blog.torproject.org/blog/tor-browser-55a4-released
3. https://blog.torproject.org/blog/tor-browser-55a4-hardened-released
4. https://trac.torproject.org/projects/tor/ticket/9623
5. https://trac.torproject.org/projects/tor/ticket/17351
6. https://trac.torproject.org/projects/tor/ticket/16735
7. https://trac.torproject.org/projects/tor/ticket/16937
8. https://trac.torproject.org/projects/tor/ticket/16983
9. https://trac.torproject.org/projects/tor/ticket/17329
10. https://trac.torproject.org/projects/tor/ticket/16620
11. https://trac.torproject.org/projects/tor/ticket/17207
12. https://trac.torproject.org/projects/tor/ticket/17122
13. https://trac.torproject.org/projects/tor/ticket/17250
14. https://trac.torproject.org/projects/tor/ticket/17220
15. https://github.com/google/sanitizers/wiki/AddressSanitizerAlgorithm
16. https://trac.torproject.org/projects/tor/ticket/12967
17. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201511
18. https://trac.torproject.org/projects/tor/ticket/17248
19. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201512

-- 
Mike Perry