Tor protects you against a common form of Internet surveillance known as "traffic analysis." Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you're traveling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.
What is new in this release:
This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible. That vulnerability allows an attacker who is able to obtain a valid certificate for addons.mozilla.org to impersonate Mozilla's servers and to deliver a malicious extension update, e.g. for NoScript. This could lead to arbitrary code execution. Moreover, other built-in certificate pinnings are affected as well. Obtaining such a certificate is not an easy task, but it's within reach of powerful adversaries (e.g. nation states).
What is new in version 6.0.4:
This release finally brings Tor Browser users the latest Tor stable, 0.2.8.6, and avoids pinging Mozilla's servers for system extensions.
Pinging Mozilla's servers was responsible for users getting an extension into their Tor Browser that resulted in annoying and confusing "Your Firefox is out of date" notifications on start-up (bug 19890). Thanks to Mozilla engineers, who fixed that issue as quickly as possible on their side, the extension is not shipped to Tor Browser users anymore since August 11 13:00 UTC.
What is new in version 6.0.3:
This release features important security updates to Firefox. This release updates firefox to 45.3.0esr. Additionally, it bumps NoScript to 22.214.171.124, HTTPS-Everywhere to 5.2.1, disables asmjs, removes meek-google and contains a few other bug fixes.
What is new in version 6.0.1:
This release features important security updates to Firefox. Tor Browser 6.0.1 is the first point release in 6.0 series. It updates Firefox to 45.2.0esr, contains fixes for two crash bugs and does not ship the loop extension anymore.
What is new in version 5.5.5:
This release features important security updates to Firefox. This release updates Firefox to 38.8.0esr. Additionally, we bump NoScript to version 126.96.36.199 and HTTPS-Everywhere to 5.1.6. Moreover, we don't advertise our help desk anymore as we are currently restructuring our user support.
What is new in version 5.5.4:
- Update Firefox to 38.7.1esr
- Update Torbutton to 188.8.131.52
- Exempt Graphite from the Security Slider (Firefox disables Graphite by default)
- Make Mosaddegh and MaBishomarim available on port 80 and 443
What is new in version 5.5.3:
This release features important security updates to Firefox. Additionally, we fixed long-standing bugs in our Tor circuit display and window resizing code, and improved the usability of our font fingerprinting defense further.
What is new in version 5.5.2:
This release features important security updates to Firefox. Users on the security level "High" or "Medium-High" were not affected by the bugs in the Graphite font rendering library.
What is new in version 5.5:
- This release features important security updates to Firefox.
- Update Firefox to 38.6.0esr
- Update libevent to 2.0.22-stable
- Update NoScript to 184.108.40.206
- Update Torbutton to 220.127.116.11
- Update Tor Launcher to 0.2.7.8
What is new in version 5.0.4:
This release features important security updates to Firefox. Additionally, we included Yan Zhu's fix for not leaking the Referer header when leaving a .onion domain and are shipping an updated NoScript version.
What is new in version 5.0.2:
- Update Firefox to 38.2.1esr.
- Update NoScript to 18.104.22.168.
What is new in version 4.5.3:
Tor Browser 4.5.3 is based on Firefox ESR 31.8.0, which features important security updates to Firefox. Moreover, it contains an updated OpenSSL, NoScript and Torbutton, a fix for a crash bug visible with the security slider level set to "High" and a backport of a Tor patch to improve usability on websites.
- Update Firefox to 31.8.0esr.
- Update OpenSSL to 1.0.1o.
- Update NoScript to 22.214.171.124.
- Update Torbutton to 126.96.36.199.
- Bug 16397: Fix crash related to disabling SVG.
- Bug 16403: Set search parameters for Disconnect.
- Bug 16446: Update FTE bridge #1 fingerprint.
- Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com) (Tor patch backport).
What is new in version 4.5.1:
- Update Firefox to 31.7.0esr.
- Update meek to 0.18.
- Update Tor Launcher to 0.2.7.5.
- Update Torbutton to 188.8.131.52.
What is new in version 4.5:
- Update Tor to 0.2.6.7 with additional patches:
- Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
- Update NoScript to 184.108.40.206
- Update HTTPS-Everywhere to 5.0.3
- Bug 15689: Resume building HTTPS-Everywhere from git tags
- Update meek to 0.17
- Include obfs4proxy 0.0.5
- Use obfs4proxy for obfs2, obfs3, obfs4, and ScrambleSuit bridges
- Pluggable Transport Dependency Updates:
- Bug 15265: Switch go.net repo to golang.org/x/net
- Bug 15448: Use golang 1.4.2 for meek and obs4proxy
- Update Tor Launcher to 0.2.7.4. Changes since 0.2.7.0.2 in 4.0.8:
- Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
- Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
- Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
- Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
- Bug 14336: Fix navigation button display issues on some wizard panes
- Bug 15657: Display the host:port of any connection faiures in bootstrap
- Bug 15704: Do not enable network if wizard is opened
What is new in version 4.0.6:
- Update Firefox to 31.6.0esr.
- Update meek to 0.16.
- Update OpenSSL to 1.0.1m.
What is new in version 4.0.4:
- Update Firefox to 31.5.0esr.
- Update OpenSSL to 1.0.1l.
- Update NoScript to 220.127.116.11.
- Update HTTPS-Everywhere to 4.0.3.
- Bug 14203: Prevent meek from displaying an extra update notification.
- Bug 14849: Remove new NoScript menu option to make permissions permanent.
- Bug 14851: Set NoScript pref to disable permanent permissions.
What is new in version 4.0.3:
- Update Firefox to 31.4.0esr
- Update NoScript to 18.104.22.168
- Update meek to 0.15
- Update Tor Launcher to 0.2.7.0.2
What is new in version 4.0.2:
- Update Firefox to 31.3.0esr.
- Update NoScript to 22.214.171.124.
- Update HTTPS Everywhere to 4.0.2.
- Update Torbutton to 126.96.36.199.
- Bug 13742: Fix domain isolation for content cache and disk-enabled browsing mode.
- Bug 5926: Prevent JS engine locale leaks (by setting the C library locale)
- Bug 13504: Remove unreliable/unreachable non-public bridges.
- Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr).
- Bug 13443: Fix DirectShow-related crash with mingw patch..
- Bug 13558: Fix crash on Windows XP during download folder changing.
- Bug 13594: Fix update failure for Windows XP users.
What is new in version 4.0.1:
- All Platforms
- Update Tor to 0.2.5.10
- Update NoScript to 188.8.131.52
- Bug 13301: Prevent extensions incompatibility error after upgrades
- Bug 13460: Fix MSVC compilation issue
- Bug 13443: Disable DirectShow to prevent crashes on many sites
- Bug 13091: Make app name "Tor Browser" instead of "Tor"
What is new in version 4.0:
- Update Firefox to 31.2.0esr
- Udate fteproxy to 0.2.19
- Update Tor to 0.2.5.8-rc (from 0.2.4.24)
- Update NoScript to 184.108.40.206
- Update Torbutton to 220.127.116.11 (from 18.104.22.168)
- Bug 13378: Prevent addon reordering in toolbars on first-run.
- Bug 10751: Adapt Torbutton to ESR31's Australis UI.
- Bug 13138: ESR31-about:tor shows "Tor is not working"
- Bug 12947: Adapt session storage blocker to ESR 31.
- Bug 10716: Take care of drag/drop events in ESR 31.
- Bug 13366: Fix cert exemption dialog when disk storage is enabled.
- Update Tor Launcher to 0.2.7.0.1 (from 0.2.5.6)
- Bug 11405: Remove firewall prompt from wizard.
- Bug 12895: Mention @riseup.net as a valid bridge request email address
- Bug 12444: Provide feedback when “Copy Tor Log” is clicked.
- Bug 11199: Improve error messages if Tor exits unexpectedly
- Bug 12451: Add option to hide TBB's logo
- Bug 11193: Change "Tor Browser Bundle" to "Tor Browser"
- Bug 11471: Ensure text fits the initial configuration dialog
- Bug 9516: Send Tor Launcher log messages to Browser Console