New Update Tor Browser available for Windows, macOS, Linux, Android

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
Tor Browser 11.5.8 is now available from the Tor Browser download page and also from our distribution directory. This release will not be published on Google Play due to their target API level requirements. Assuming we do not run into any major problems, Tor Browser 11.5.9 will be an Android-only release that fixes this issue.

Tor Browser 11.5.8 backports the following security updates from Firefox ESR 102.5 to to Firefox ESR 91.13 on Windows, macOS and Linux:
Tor Browser 11.5.8 updates GeckoView on Android to Firefox ESR 102.5 and includes important security updates. Tor Browser 11.5.8 backports the following security updates from Firefox 107 to Firefox ESR 102.5 on Android:
The full changelog since Tor Browser 11.5.7 is:
 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
Tor Browser 12.0 is the first multi-locale release, making it easier to switch between interface languages. New Tor Browser installations will match the system language by default. Existing Tor Browser installations will retain the selected display language during the upgrade from Tor 11.x to 12.0.

Apple users who run devices with Apple Silicon hardware find native implementations of Tor Browser for their platforms now. The team followed Mozilla's approach and released universal binaries, which run on Intel and Apple Silicon devices. The correct version is selected automatically on run.

Tor Browser for Android has seen several improvements in the release. HTTPS-Only is turned on, making it the default mode on Android. The new security feature requires HTTPS connections on Android and protects users of Tor on Android "against SSL stripping attacks".

Another new feature is the ability to prioritize .onion sites in the Android browser. The feature needs to be turned on in the privacy and security settings of the browser. Once turned on, Tor Browser for Android will redirect users to the .onion site if the regular site is accessed; this works only if the site in question has Onion-Location configured.
 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
New Release: Tor Browser 12.0.2
The full changelog since Tor Browser 12.0.1 is:
 
Last edited:

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
New Release: Tor Browser 12.0.3
The full changelog since Tor Browser 12.0.2 is:

 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

New Release: Tor Browser 12.0.4​

March 18, 2023
The full changelog since Tor Browser 12.0.3 is:
 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

Tor Browser 12.0.5 released​

Tor Browser 12.0.5 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 102.10.0esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 112.



The full changelog since Tor Browser 12.0.4 is:
 
Last edited:

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
Tor Browser 12.0.6 is now available from the Tor Browser download page and also from our distribution directory. This release updates Firefox to 102.11esr, including bug fixes, stability improvements and important security updates. There were no Android-specific security updates to backport from the Firefox 113 release.



The full changelog since Tor Browser 12.0.5 is:
 
Last edited:

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
Tor Browser 12.0.7 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 102.12.0esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 114.

Build-Signing Infrastructure Updates​

We are once again able to code-sign our executable Windows installer, so new installations on the Windows platform no longer need to perform a build-to-build update from an older version. We apologize for all the inconvenience this caued.

Send us your feedback​

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog​

The full changelog since Tor Browser 12.0.6 is:
  • All Platforms
    • Updated Translations
    • Updated NoScript to 11.4.22
    • Updated OpenSSL to 1.1.1u
    • Bug tor-browser#41764: TTP-02-004 OOS: No user-activation required to download files (Low)
    • Bug tor-browser#41794: Rebase Tor Browser and Base Browser stable to 102.12esr
  • Windows + macOS + Linux
    • Updated Firefox to 102.12esr
    • Bug tor-browser#41777: Internally shippped manual does not adapt to RTL languages (it always align to the left)
  • Android
    • Updated GeckoView to 102.12esr
    • Bug tor-browser#41805: Backport Android-specific security fixes from Firefox 114 to ESR 102.12-based
 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

New release: Tor Browser 12.5​


Tor Browser 12.5 is now available from the Tor Browser download page and our distribution directory. Many of the features in this release were made possible thanks to two projects:
Since 2021 we've provided digital security training to hundreds of journalists and human rights defenders in Brazil, Ecuador and Mexico alongside Guardian Project and Tails. During these workshops we documented pain points with our applications' user experience, and returned to validate potential solutions with Tor Browser Alpha in follow-up trips.
Secondly, in April we announced the launch of Mullvad Browser, a new privacy browser built by the Tor Project and distributed by Mullvad. This collaboration has enabled us to refactor Tor Browser's build system, address numerous legacy issues and conduct an accessibility review of Tor Browser's custom components – which you can learn more about below.

What's new?​


Updated circuit display​

In Tor Browser for desktop, the Tor circuit for each of your tabs can be found in the circuit display. Up until this release the circuit display lived in the site information panel – meaning you'd have to click the padlock icon (or onion icon, in the case of onion sites) to the left of the address bar to access it. Usability testing participants often struggled to find the circuit display when asked, and users generally needed to be taught where it lived.
To fix this, we've moved the circuit display behind a colorful new icon that sits beside the padlock. In addition, relays now have flags to help make their locations easier to identify at a glance; the design of onion site circuits has been made more concise; SecureDrop users who visit a human-readable onion name can now see and switch back to the underlying V3 onion address; and the panel as a whole has been rebuilt from scratch for better compatibility with screen readers.

Screenshot of the updated circuit display for securedrop.org in Tor Browser for desktop


New onion site icons​

Previously, onion sites were represented by the onion-glyph – a tiny, flat version of Tor Browser's onion logo. Now, when you visit an onion site in Tor Browser 12.5 on either desktop or Android you'll notice something new.
It's important to recognize that onion services are not exclusive to Tor Browser, and are a product in their own right. As onion service adoption has grown among civil society groups, human rights organizations, and news media outlets, so too has support for visiting onion services by third-party apps. Today, in addition to Tor Browser, you can also access onion services in compatible apps like Orbot, Onion Browser and Brave, to name a few. Given that, it no longer makes sense to continue to represent onion sites with an icon so closely associated with Tor Browser, and we're excited to introduce their new identity today.

Screenshot of the ProPublica onion site in Tor Browser for desktop and Android


Improved connection experience​

In Tor Browser 10.5 for desktop we retired the Tor Launcher in favor of a new interface that allows users to connect to Tor from the browser window itself. This feature unlocked the added benefit of being able to access Tor Browser's other menus while offline, including Connection settings, which offers greater functionality than the equivalent Tor Launcher settings page ever did.
Since that release, usability testing participants have sometimes had difficulty figuring out how to connect after navigating away from the Connect to Tor tab. To remedy this, we've made the Connect button accessible in the address bar of any page you visit while offline, and Tor Browser will connect automatically after you've configured a bridge in Connection settings. We've also improved the visibility of the browser's connection status, which can now be found in the top-right of the browser window, and you'll notice a new connection icon appear throughout the browser too.

Screenshot of the Connection settings tab before connecting in Tor Browser for desktop


Better accessibility​

As Tor Browser is based on the Extended Support Release of Firefox, we reuse as much of Firefox's front-end user experience as possible so that we can concentrate our resources on privacy and security issues. However Tor Browser also includes many custom pages and components on top of Firefox.
In parallel with longstanding efforts by Mozilla to improve Firefox's accessibility, we began an accessibility review of our own to document issues with Tor Browser for desktop's custom features. This review has now been completed, and we're beginning to deploy the first fixes in what will be a multi-release effort to improve Tor Browser's accessibility.
Since Tor Browser 11.5 we've refactored several components including bundled changelogs (about:tbupdate), the circuit display, the security level panel, miscellaneous dialogs and other parts of the browser chrome. If you use a screen reader or any other assistive technology, we'd love to get your help testing past and future fixes by volunteering as an alpha tester and feeding back to our developers on the Tor forum.

Screenshot of the internal changelog with the security level panel expanded in Tor Browser for desktop
 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

New Release: Tor Browser 12.5.1​


Tor Browser 12.5.1 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 102.13.0esr, including bug fixes, stability improvements and important security updates. There were no Android-specific security updates to backport from the Firefox 115 release.


The full changelog since Tor Browser 12.5 is:
  • All Platforms
    • Updated Translations
    • Updated NoScript to 11.4.24
    • Bug tor-browser#41860: Rebase 12.5 stable to 102.13esr
  • Windows + macOS + Linux
    • Updated Firefox to 102.13.0esr
    • Bug tor-browser#41854: Download Spam Protection cannot be overridden to allow legitimate downloads
    • Bug tor-browser#41856: Onion service authorization prompt's key field does not get focus when clicked
    • Bug tor-browser#41858: 'Learn more' link in onboarding links to 12.0 release notes and not 12.5
  • Android
    • Updated GeckoView to 102.13.0esr
 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

New Release: Tor Browser 12.5.2​


Tor Browser 12.5.2 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 102.14.0esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 116.


The full changelog since Tor Browser 12.5.1 is:

  • All Platforms
    • Updated Translations
    • Updated NoScript to 11.4.26
    • Bug tor-browser#41908: Rebase stable 12.5 to 102.14esr
  • Windows + macOS + Linux
    • Updated Firefox to 102.14.0esr
  • Windows
    • Bug tor-browser#41761: xul.dll win crash tor-browser 12.5.1 (based on Mozilla Firefox 102.13.0esr) (64-Bit)
  • Android
    • Updated GeckoView to 102.14.0esr
    • Bug tor-browser#41928: Backport Android-specific security fixes from Firefox 116 to ESR 102.14 / 115.1 - based Tor Browser
  • Build System
 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

New Release: Tor Browser 12.5.3​


Tor Browser 12.5.3 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 102.15.0esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 117.

Full changelog​


The full changelog since Tor Browser 12.5.2 is:

 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

New Release: Tor Browser 12.5.4​


Tor Browser 12.5.4 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox and GeckoView to 102.15.1esr and fixes CVE-2023-4863: Heap buffer overflow in libwebp


The full changelog since Tor Browser 12.5.3 is:
  • All Platforms
  • Windows + macOS + Linux
    • Updated Firefox to 102.15.1esr
  • Android
    • Updated GeckoView to 102.15.1esr
  • Build System
    • All Platforms
      • Updated Go to 1.20.8
 
Last edited:

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
Tor Browser 12.5.5 is now available from the Tor Browser download page and also from our distribution directory.

This release backports important security updates from Firefox 115.3.0esr. We also backported the Android-specific security updates from Firefox 118.

The full changelog since Tor Browser 12.5.4 is:
  • All Platforms
    • Updated tor to 0.4.7.15
    • Updated NoScript to 11.4.27
    • Updated Translations
    • Bug tor-browser#42120: Use foursquare as domain front for snowflake
    • Bug tor-browser#42123: Backport security fixes from Firefox 118 to ESR 102.15 / 115.3 - based Tor Browser
  • Windows + macOS + Linux
 

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,083
Tor Browser 12.5.6 is now available from the Tor Browser download page and also from our distribution directory.


This release backports important security updates from Firefox 115.3.1.0esr.

Full changelog​


The full changelog since Tor Browser 12.5.5 is:



 

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,083

New release: Tor Browser 13.0​

Tor Browser 13.0 is now available from the Tor Browser download page and our distribution directory.

This is our first stable release based on Firefox ESR 115, incorporating a year's worth of changes shipped upstream. As part of this process we've also completed our annual ESR transition audit, where we review Firefox's changelog for issues that may negatively affect the privacy and security of Tor Browser users and disable any problematic patches where necessary. Our final reports from this audit are now available in the tor-browser-spec repository on our Gitlab instance.

Particularly notable are the accessibility improvements we've gained as a result of the transition to Firefox ESR 115. While eagle-eyed users may notice small visual changes to the user interface (for example, internal links are now underlined), Tor Browser 13.0 is our first release to inherit the redesigned accessibility engine introduced by Mozilla in Firefox 113. This change promises to improve performance significantly for people who use screen readers and other assistive technology.

What's new?​

Refreshed application icons​

Earlier this year we spent some time artworking the Mullvad Browser logo into the various assets needed to support its release – including application, installer and document icons that conform to each platform's conventions. While getting up to speed with the current requirements for each platform, we identified a number of gaps with Tor Browser too, and started working on new icons for Tor Browser in parallel.

For context, Tor Browser's current icon (sometimes referred to as the "onion logo") was selected by community poll over four years ago to succeed the older purple and green globe in Tor Browser 8.5. Given the community's involvement in its selection, its recognizability by netizens, and the simple fact that we still love the existing icon, we chose to focus on refining rather than replacing it entirely.

One of the motivations behind work like this is our philosophy that privacy-preserving products shouldn't be purely utilitarian, but can also spark joy. However there are practical benefits too: adhering to platform conventions provides better consistency, discernible application and installer icons help prevent user error, and attracting new users benefits everyone because anonymity loves company.

New application icons for each release channel


New homepage​

For the past year we've been working on a significant rewrite of Tor Browser's back-end, which recently provided us with the opportunity to rebuild one of the few internal pages that hasn't changed in a while: the homepage (often referred to by its internal reference, "about:tor"). Tor Browser 13.0's homepage now features the new application icons, a simplified design, and the ability to "onionize" your DuckDuckGo searches by switching to the DuckDuckGo onion site. Continuing the work that began in Tor Browser 12.5 to improve the browser's accessibility, the redesigned homepage also offers better support for users of screen readers and other assistive technology too.

Existing Tor Browser users can rejoice that the "red screen of death" – an infamous error state that the previous homepage would occasionally trip itself into – is long gone. As part of the back-end rewrite we've removed the automatic Tor network connectivity check that was a hold-over from the legacy tor-launcher, where bootstrapping was handled by an extension that ran before the browser interface appeared. As a result of the tighter tor integration and in-browser bootstrapping experience introduced in Tor Browser 10.5, the old logic behind this check would often fail and present some users with the red screen of death, even if their connection was fine.

In fact, all of the reports we've received of users hitting this screen with the default tor configuration since Tor Browser 10.5 have proven to be false positives, causing undue alarm. Although the check is arguably still useful for users running non-default configurations, neither of the main environments which do so – Tails and Whonix – use about:tor as their default new-tab or home pages. For everyone else, we've added a new banner to the redesigned homepage in place of the red screen of death to check that tor is connected and working as expected.

Screenshot of the new homepage in Tor Browser 13.0


Bigger new windows​

The explanation for how and why Tor Browser works this way is going to get into the weeds a little, so be warned. However the main thing to take away is that new windows should be bigger by default and present themselves in a more useful landscape aspect-ratio for the majority of desktop users in Tor Browser 13.0. Now, about those weeds...

Letterboxing was introduced in Tor Browser 9.0 to allow users to resize their browser window without fear of being fingerprinted by rounding the inner content window (sometimes referred to as the "viewport") down to multiples of 200 x 100 pixels. This technique works by grouping the window sizes of most users into a series of common "buckets", protecting individual users within those buckets from being singled-out based on their window or screen size.

In order to preserve these protections when opening new windows, Tor Browser overrides platform defaults and will instead select a size that conforms to our letterboxing steps up to a maximum of 1000 x 1000 pixels. However, while that may have been fine in the past, a max width of 1000px is no longer suitable for the modern web. For example, on many newer websites the first responsive break point lies somewhere in the range of 1000 – 1200px, meaning by default Tor Browser users would receive website menus and layouts intended for tablet and mobile devices. Alternatively, on certain websites, users would receive the desktop version but with the annoyance of a horizontal scroll bar instead. This, naturally, would lead to users of these websites needing to expand each new window manually before it's usable.

In response we've bumped up the max size of new windows up to 1400 x 900 pixels and amended the letterboxing steps to match. Thanks to the increase in width, Tor Browser for desktop should no longer trigger responsive break points on larger screens and the vast majority of our desktop users will see a familiar landscape aspect-ratio more in-keeping with modern browsers. This particular size was chosen by crunching the numbers to offer greater real estate for new windows without increasing the number of buckets past the point of their usefulness. As an added bonus, we also expect that Tor Browser users will not feel the need to manually change their window size as frequently as before – thereby keeping more users aligned to the default buckets.

Illustration that visualizes the increased width of new windows in Tor Browser


Technical notes​

We're pleased to report that we've made the naming scheme for all our build outputs mutually consistent. Essentially, this means that going forward the names of all our build artifacts should follow the format ${ARTIFACT}-${OS}-${ARCH}-${VERSION}.${EXT}. For example, the macOS .dmg package for 12.5 was named TorBrowser-12.5-macos_ALL.dmg, whereas for 13.0 it's named tor-browser-macos-13.0.dmg.

If you are a downstream packager or download Tor Browser artifacts using scripts or automation, you'll need to do a little more work beyond just bumping the version number to support this and future releases.

Contributions 💜

Thanks to all of the teams across Tor, and the wider community, who contributed to this release. In particular we'd like to extend our gratitude to the following volunteers who have contributed their expertise, labour, and time to this release:

  • anonym
  • cypherpunks1
  • Fabrizio
  • FlexFoot
  • guest475646844
  • honorton
  • ilf
  • JeremyRand
  • nervuri
  • Rusty Bird
  • shanzhanz
  • thorin
  • trinity-1686a

Send us your feedback​

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog​

The full changelog since Tor Browser 12.5.6 is:

Source
 
Last edited by a moderator:

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

New Release: Tor Browser 13.0.1​

Tor Browser 13.0.1 is now available from the Tor Browser download page and also from our distribution directory.

This release backports important security updates from Firefox 115.4.0esr and

This release updates Firefox to 115.4.0esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 119.


The full changelog since Tor Browser 13.0 is:
 

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108

Putting Censorship Circumvention to the Test: Security Audit Findings​

Helping users bypass internet censorship and ensuring their online safety and security is at the core of everything we do. To protect the communities we serve, we want to ensure that our technologies are resilient against threats and attacks. To put our efforts to the test, we've tasked Cure53 to perform a security audit of Tor Browser and other tools related to censorship circumvention.

Security audits are important, they uncover blind spots, peel back assumptions, and show us ways to improve our overall security posture. A series of penetration tests and code audits were performed specifically targeting methods by which users connect to bridges in Tor Browser, as well as OONI Probe, rdsys, BridgeDB and Conjure.

We invite you to read the full report, the testing period covered 72 days between November 2022 and April 2023 and was followed by a period of issue mitigation.

Overview of Findings​

The auditors remarked that although the scope was large, the number of issues uncovered was low, and that Tor in general adopts "an admirably robust and hardened security posture and sound design decisions." The auditor further said our code was written to a "first-rate standard and conformed to secure coding practices", and that we have adopted highly-advanced and deliberately security focused building processes around Tor Browser because of our reproducible builds, build signing, and more. "All which contribute towards considerable defense-in-depth security posture." They concluded that the components they audited are in a healthy state from a security stand-point.

The audit outlined vulnerabilities, weaknesses and a couple of high-severity issues, alongside a set of recommended fixes and hardening guidance. Overall, the Tor Browser received a positive and satisfactory rating, proving it is "sufficiently robust and hardened against a multitude of common threats and attack vectors."
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top