Mike Perry announced the release of Tor Browser 4.5.1, which is based on Firefox ESR 31.7.0 and features important security updates to Firefox. The 4.5.1 release also addresses several regressions and usability issues discovered during the 4.5 release. The most notable change is that we have slightly relaxed the first party isolation privacy property, due to issues encountered on several file hosting sites as well as other sites that host content on multiple subdomains. Tor Circuit use and tracking identifiers are now all isolated to the base (top-level) domain only, as opposed to the full domain name. This change is also consistent with the browser URL bar – isolation is now performed based on the bold portion of the website address in the URL bar.
NoScript ClearClick clickjacking protection was temporarily disabled, as it was experiencing false positives due to changes in Tor Browser that cause errors in NoScript’s evaluation of the content window. These issues were most commonly experienced with ReCaptcha captcha input, but occurred elsewhere as well.
Tor Browser 4.5.1 changelog
- Update Firefox to 31.7.0esr
- Update meek to 0.18
- Update Tor Launcher to 0.2.7.5
- Update Torbutton to 188.8.131.52
- Bug 15837: Show descriptions if unchecking custom mode
- Bug 15927: Force update of the NoScript UI when changing security level
- Bug 15915: Hide circuit display if it is disabled.
- Translation updates
- Bug 15945: Disable NoScript’s ClearClick protection for now
- Bug 15933: Isolate by base (top-level) domain name instead of FQDN
- Bug 15857: Fix file descriptor leak in updater that caused update failures
- Bug 15899: Fix errors with downloading and displaying PDFs
- Bug 15872: Fix meek pluggable transport startup issue with Windows 7
- Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
- Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
Install Tor Browser 4.5.1 on Ubuntu OS
sudo add-apt-repository ppa:webupd8team/tor-browser sudo apt-get update sudo apt-get install tor-browsercomments powered by Disqus