Silk Road forums

Discussion => Security => Topic started by: TravellingWithoutMoving on February 24, 2013, 03:21 am

Title: New Tor-browser bundle 2.3.25-4 available
Post by: TravellingWithoutMoving on February 24, 2013, 03:21 am
""
We've updated all of the bundles with Firefox 17.0.3esr. This includes significant changes to Torbutton and its interaction with Firefox, in addition to many new patches being added to Firefox, which are outlined below.

Very important: if you've been using the Tor Browser Bundles with Firefox 10.0.x, you must not attempt to overwrite it with the new bundle. Open these into their own directory and do not copy any profile material from older TBB versions.




Tor Browser Bundle (2.3.25-4)

    Update Firefox to 17.0.3esr
    Downgrade OpenSSL to 1.0.0k
    Update libpng to 1.5.14
    Update NoScript to 2.6.5.7
    Firefox patch changes:
        Exempt remote @font-face fonts from font limits (and prefer them).
        (closes: #8270)
            Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
            they should not count towards our CSS font count limits. Moreover,
            if a CSS font-family rule lists any remote fonts, those fonts are
            preferred over the local fonts, so we do not reduce the font count
            for that rule.
            This vastly improves rendering and typography for many websites.
        Disable WebRTC in Firefox build options. (closes: #8178)
            WebRTC isn't slated to be enabled until Firefox 18, but the code
            was getting compiled in already and is capable of creating UDP Sockets
            and bypassing Tor. We disable it from build as a safety measure.
        Move prefs.js into omni.ja and extension-overrides. (closes: #3944)
            This causes our browser pref changes to appear as defaults. It also
            means that future updates of TBB should preserve user pref settings.
        Fix a use-after-free that caused crashing on MacOS (closes: #8234)
        Eliminate several redundant, useless, and deprecated Firefox pref settings
        Report Firefox 17.0 as the Tor Browser user agent
        Use Firefox's click-to-play barrier for plugins instead of NoScript
        Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
            This fixes a SOCKS race condition with our SOCKS autoport configuration
            and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
            settings per URL now, which resulted in a proxy error for
            check.torproject.org if we lost the race.
    Torbutton was updated to 1.5.0. The following issues were fixed:
        Remove old toggle observers and related code (closes: #5279)
        Simplify Security Preference UI and associated pref updates (closes: #3100)
        Eliminate redundancy in our Flash/plugin disabling code (closes: #7470)
        Leave most preferences under Tor Browser's control (closes: #3944)
        Disable toggle-on-startup and crash detection logic (closes: #7974)
        Disable/remove toggle-mode code and related observers (closes: #5279)
        Add menu hint to Torbutton icon (closes: #6431)
        Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
        Perform version check every time there's a new tab. (closes: #6096)
        Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
        misc: Allow WebGL and DOM storage.
        misc: Disable independent Torbutton updates
        misc: Change the recommended SOCKSPort to 9150 (to match TBB)

The following Firefox patch changes are also included in this release:

    Isolate image cache to url bar domain (closes: #5742 and #6539)
    Enable DOM storage and isolate it to url bar domain (closes: #6564)
    Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
    Misc preference changes:
        Disable DOM performance timers (dom.enable_performance) (closes: #6204)
        Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
        Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
        Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
""
Title: Re: New Tor-browser bundle 2.3.25-4 available
Post by: pajag88 on February 24, 2013, 04:54 am
hey i got a question why cant I access normal net but I can access net through tor ??
can I download this thru tor ??
Title: Re: New Tor-browser bundle 2.3.25-4 available
Post by: PrincessHIGH on February 24, 2013, 05:19 am
hey i got a question why cant I access normal net but I can access net through tor ??
can I download this thru tor ??
Tor warns/blocks you from downloading as a safeguard to protect your anonymity.
The torproject website (clearwebalert) https://www.torproject.org/download/download explains why in more depth.
Quote from: Tor Project
Don't open documents downloaded through Tor while online
The Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to useBitTorrent and Tor together, however.
Title: Re: New Tor-browser bundle 2.3.25-4 available
Post by: pajag88 on February 24, 2013, 05:54 am
I don't know what the fuck that exactly was but for some reason everything got cut of from the internet could only access through the tor network but I downloaded that update after resetting IP and worked, got paranoid that my provider cut me off or smth
Title: Re: New Tor-browser bundle 2.3.25-4 available
Post by: PrincessHIGH on February 24, 2013, 05:59 am
I don't know what the fuck that exactly was but for some reason everything got cut of from the internet could only access through the tor network but I downloaded that update after resetting IP and worked, got paranoid that my provider cut me off or smth
Good to hear you've solved your problem, happy tor browsing :)
Title: Re: New Tor-browser bundle 2.3.25-4 available
Post by: pajag88 on February 24, 2013, 06:37 am
thank you ! last question :) is the proper firefox tor bundle version to use the one which ends with 4 ? so much confusing info out there :p
Title: Re: New Tor-browser bundle 2.3.25-4 available
Post by: PrincessHIGH on February 24, 2013, 06:44 am
thank you ! last question :) is the proper tor bundle version to use the one which ends with 24 ?
You're welcome 2.3.25-4 is the most up-to-date version, your download should say 'tor-browser-2.3.25-4_en-US.exe'. Double check you've downloaded it from here (clearwebalert) www.torproject.org/download/download-easy.html.en and you'll be fine :)