[tor-reports] January 2016 Report for the Tor Browser Team
Georg Koppen
gk at torproject.org
Wed Feb 3 13:55:32 UTC 2016
Hi all,
In January, the Tor Browser team made 6 releases: 5.0.7[1], 5.5a6[2],
5.5a6-hardened[3] + 5.5[4], 6.0a1[5] and 6.0a1-hardened[6].
The first three releases were due to a potentially exploitable crash[7]
while the three releases at the end of January incorporated the security
fixes Mozilla is providing every six weeks to its Firefox ESR.
We are excited to have Tor Browser 5.5 as our new major stable release.
It contains a number of new features and bugfixes, most notably a
defense against font enumeration which we developed over the past weeks
and months. Moreover, we made progress on our usability side by shipping
Tor Browser in an additional locale, Japanese, by polishing our
about:tor page and by showing the changes in the new Tor Browser version
immediately after an update.
Tor Browser 6.0a1 and 6.0a1-hardened make further progress on our
usability front by improving the setup wizard UI flow[8].
The full list of tickets closed by the Tor Browser team in January can
be seen using the TorBrowserTeam201601 tag on our bug tracker[9].
For February we plan to release a fixup stable release, 5.5.1, which
addresses major problems which our users noticed with the switch to 5.5:
usability issues due to our font enumeration defense[10][11] and broken
websites using the window.name attribute in iframes[12].
Further, we plan to fix the remaining bug for signing Tor Browser on OS
X and hope to get that tested in the upcoming alpha release[13].
Additionally, we are starting to look closer at tasks related to the
forthcoming switch to Firefox ESR 45, starting with rebasing our patches
and fixing our toolchains[14][15].
The full list of tickets the Tor Browser team plans to work on in
February can be seen with the TorBrowserTeam201602 tag on our bug
tracker[16].
Georg
[1] https://blog.torproject.org/blog/tor-browser-507-released
[2] https://blog.torproject.org/blog/tor-browser-55a6-released
[3] https://blog.torproject.org/blog/tor-browser-55a6-hardened-released
[4] https://blog.torproject.org/blog/tor-browser-55-released
[5] https://blog.torproject.org/blog/tor-browser-60a1-released
[6] https://blog.torproject.org/blog/tor-browser-60a1-hardened-released
[7] https://bugs.torproject.org/17931
[8] https://bugs.torproject.org/11773
[9]
https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorBrowserTeam201601
[10] https://bugs.torproject.org/18169
[11] https://bugs.torproject.org/18172
[12] https://bugs.torproject.org/18168
[13] https://bugs.torproject.org/13252
[14] https://bugs.torproject.org/15197
[15] https://bugs.torproject.org/18226
[16]
https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201602
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20160203/5ea6691d/attachment.sig>
More information about the tor-reports
mailing list