Tor Browser Bundle For Mac Os X

Return to site

Tor Browser Bundle For Mac Os X

Changes for v4.0.6 - v4.0.8
All Platforms 
Bug 15637: Fix update loop due to improper versioning 
Update Tor to 0.2.5.12 
Update NoScript to 2.6.9.21 
We recently switched our build machine to Lion (OS X 10.7) which had some unintended effects on the Firefox/TorBrowser build. After consulting with Mozilla developers, Sebastian Hahn was able to nail down the problem and provide a fix.The Mac OS X Tor Browser Bundles have been updated so they should stop crashing for everyone now. The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser called Aurora, and is.
On newer versions of Mac OS X you may have to manually allow it to open. From the Tor Project download page: Install: Drag the Tor Browser icon to the Applications folder and open the Applications folder. Control-click: Control-click on the Tor Browser icon (click the mouse button while pressing the Control key on the keyboard) and choose.
If you have a 64-bit Mac and are running Mac OS X 10.8, you can expect to be automatically upgraded to Tor Browser 4.5, optimized for your hardware, later this month. If you are running OS X 10.6 or 10.7, however, you will need to update manually once that version of Tor Browser is released, as described in the end-of-life announcement last year.
The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained. Download Tor Browser Bundle.

Changes for v4.0.5 - v4.0.6
Contains updates to Firefox, meek, and OpenSSL; it is also the last release planned to run on 32-bit Apple hardware. If you have a 64-bit Mac and are running Mac OS X 10.8, you can expect to be automatically upgraded to Tor Browser 4.5, optimized for your hardware, later this month. If you are running OS X 10.6 or 10.7, however, you will need to update manually once that version of Tor Browser is released, as described in the end-of-life announcement last year. 

Changes for v4.0.4 - v4.0.5
All Platforms 
Update Firefox to 31.5.3esr 
Update Tor 0.2.5.11 
Update NoScript to 2.6.9.19 

Changes for v4.0.3 - v4.0.4
All Platforms 
Update Firefox to 31.5.0esr 
Update OpenSSL to 1.0.1l 
Update NoScript to 2.6.9.15 
Update HTTPS-Everywhere to 4.0.3 
Bug 14203: Prevent meek from displaying an extra update notification 
Bug 14849: Remove new NoScript menu option to make permissions permanent 
Bug 14851: Set NoScript pref to disable permanent permissions 

Changes for v4.0.2 - v4.0.3
All Platforms 
Update Firefox to 31.4.0esr 
Update NoScript to 2.6.9.10 
Update meek to 0.15 
Update Tor Launcher to 0.2.7.0.2 
Translation updates only 

Changes for v4.0.1 - v4.0.2
All Platforms 
Update Firefox to 31.3.0esr 
Update NoScript to 2.6.9.5 
Update HTTPS Everywhere to 4.0.2 
Update Torbutton to 1.7.0.2 
Bug 13019: Synchronize locale spoofing pref with our Firefox patch 
Bug 13746: Properly link Torbutton UI to thirdparty pref. 
Bug 13742: Fix domain isolation for content cache and disk-enabled 
browsing mode 
Bug 5926: Prevent JS engine locale leaks (by setting the C library 
locale) 
Bug 13504: Remove unreliable/unreachable non-public bridges 
Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr) 
Windows 
Bug 13443: Fix DirectShow-related crash with mingw patch. 
Bug 13558: Fix crash on Windows XP during download folder changing 
Bug 13594: Fix update failure for Windows XP users 

Changes for v4.0 - v4.0.1
All Platforms 
Update Tor to 0.2.5.10 
Update NoScript to 2.6.9.3 
Bug 13301: Prevent extensions incompatibility error after upgrades 
Bug 13460: Fix MSVC compilation issue 
Windows 
Bug 13443: Disable DirectShow to prevent crashes on many sites 
Bug 13091: Make app name 'Tor Browser' instead of 'Tor' 

Changes for v3.6.6 - v4.0

All Platforms 
Update Firefox to 31.2.0esr 
Udate fteproxy to 0.2.19 
Update Tor to 0.2.5.8-rc (from 0.2.4.24) 
Update NoScript to 2.6.9.1 
Update Torbutton to 1.7.0.1 (from 1.6.12.3) 
Bug 13378: Prevent addon reordering in toolbars on first-run. 
Bug 10751: Adapt Torbutton to ESR31's Australis UI. 
Bug 13138: ESR31-about:tor shows 'Tor is not working' 
Bug 12947: Adapt session storage blocker to ESR 31. 
Bug 10716: Take care of drag/drop events in ESR 31. 
Bug 13366: Fix cert exemption dialog when disk storage is enabled. 
Update Tor Launcher to 0.2.7.0.1 (from 0.2.5.6) 
Bug 11405: Remove firewall prompt from wizard. 
Bug 12895: Mention @riseup.net as a valid bridge request email address 
Bug 12444: Provide feedback when 'Copy Tor Log' is clicked. 
Bug 11199: Improve error messages if Tor exits unexpectedly 
Bug 12451: Add option to hide TBB's logo 
Bug 11193: Change 'Tor Browser Bundle' to 'Tor Browser' 
Bug 11471: Ensure text fits the initial configuration dialog 
Bug 9516: Send Tor Launcher log messages to Browser Console 
Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads 
Bug 13016: Hide CSS -moz-osx-font-smoothing values. 
Bug 13356: Meek and other symlinks missing after complete update. 
Bug 13025: Spoof screen orientation to landscape-primary. 
Bug 13346: Disable Firefox 'slow to start' warnings and recordkeeping. 
Bug 13318: Minimize number of buttons on the browser toolbar. 
Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript) 
Bug 13023: Disable the gamepad API. 
Bug 13021: Prompt before allowing Canvas isPointIn*() calls. 
Bug 12460: Several cross-compilation and gitian fixes (see child tickets) 
Bug 13186: Disable DOM Performance timers 
Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage 
Bug 4234: Automatic Update support (off by default) 
Bug 11641: Reorganize bundle directory structure to mimic Firefox 
Bug 10819: Create a preference to enable/disable third party isolation 
Bug 13416: Defend against new SSLv3 attack (poodle). 
Windows: 
Bug 10065: Enable DEP, ASLR, and SSP hardening options 
Linux: 
Bug 13031: Add full RELRO hardening protection. 
Bug 10178: Make it easier to set an alternate Tor control port and password 
Bug 11102: Set Window Class to 'Tor Browser' to aid in Desktop navigation 
Bug 12249: Don't create PT debug files anymore 

Changes for v3.6.5 - v3.6.6
Update Tor to tor-0.2.4.24 
Update Firefox to 24.8.1esr 
Update NoScript to 2.6.8.42 
Update HTTPS Everywhere to 4.0.1 
Bug 12998: Prevent intermediate certs from being written to disk 
Update Torbutton to 1.6.12.3 
Bug 13091: Use 'Tor Browser' everywhere 
Bug 10804: Workaround fix for some cases of startup hang 

Changes for v3.6.3 - v3.6.4
Not yet .... 

Changes for v3.6.2 - v3.6.3
Update Firefox to 24.7.0esr 
Update obfsproxy to 0.2.12 
Update FTE to 0.2.17 
Update NoScript to 2.6.8.33 
Update HTTPS Everywhere to 3.5.3 
Bug 12673: Update FTE bridges 
Update Torbutton to 1.6.11.0 
Bug 12221: Remove obsolete Javascript components from the toggle era 
Bug 10819: Bind new third party isolation pref to Torbutton security UI 
Bug 9268: Fix some window resizing corner cases with DPI and taskbar size. 

Changes for v3.6.1 - v3.6.2
All Platforms 
Update Firefox to 24.6.0esr 
Update OpenSSL to 1.0.1h 
Update NoScript to 2.6.8.28 
Update Tor to 0.2.4.22 
Update Tor Launcher to 0.2.5.5 
Bug 10425: Provide geoip6 file location to Tor process 
Bug 11754: Remove untranslated locales that were dropped from Transifex 
Bug 11772: Set Proxy Type menu correctly after restart 
Bug 11699: Change   to in UI elements 
Update Torbutton to 1.6.10.0 
Bug 11510: about:tor should not report success if tor proxy is unreachable 
Bug 11783: Avoid b.webProgress error when double-clicking on New Identity 
Bug 11722: Add hidden pref to force remote Tor check 
Bug 11763: Fix pref dialog double-click race that caused settings to be reset 
Bug 11629: Support proxies with Pluggable Transports 
Updates FTEProxy to 0.2.15 
Updates obfsproxy to 0.2.9 
Backported Tor Patches: 
Bug 11654: Fix malformed log message in bug11156 patch. 
Bug 10425: Add in Tor's geoip6 files to the bundle distribution 
Bugs 11834 and 11835: Include Pluggable Transport documentation 
Bug 9701: Prevent ClipBoardCache from writing to disk. 
Bug 12146: Make the CONNECT Host header the same as the Request-URI. 
Bug 12212: Disable deprecated webaudio API 
Bug 11253: Turn on TLS 1.1 and 1.2. 
Bug 11817: Don't send startup time information to Mozilla. 

Changes for v3.6 - v3.6.1
All Platforms 
Update HTTPS-Everywhere to 3.5.1 
Update NoScript to 2.6.8.22 
Bug 11658: Fix proxy configuration for non-Pluggable Transports users 
Backport Pending Tor Patches: 
Bug 8402: Allow Tor proxy configuration while PTs are present 
Note: The Pluggable Transports themselves have not been updated to support proxy configuration yet. 

Changes for v3.5.4 - v3.6
All Platforms 
Update Firefox to 24.5.0esr 
Include Pluggable Transports by default: 
Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.13 are now included 
Bug 11586: Include license files for component software in Docs directory. 
Bug 9010: Add Turkish language support. 
Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion. 
Update NoScript to 2.6.8.20 
Update Tor Launcher to 0.2.5.4 
Bug 9665: Localize Tor's unreachable bridges bootstrap error 
Bug 10418: Provide UI configuration for Pluggable Transports 
Bug 10604: Allow Tor status & error messages to be translated 
Bug 10894: Make bridge UI clear that helpdesk is a last resort for bridges 
Bug 10610: Clarify wizard UI text describing obstacles/blocking 
Bug 11074: Support Tails use case (XULRunner and optional customizations) 
Bug 11482: Hide bridge settings prompt if no default bridges. 
Bug 11484: Show help button even if no default bridges. 
Update Torbutton to 1.6.9.0: 
Bug 11242: Fix improper 'update needed' message after in-place upgrade. 
Bug 10398: Ease translation of about:tor page elements 
Bug 9901: Fix browser freeze due to content type sniffing 
Bug 10611: Add Swedish (sv) to extra locales to update 
Bug 7439: Improve download warning dialog text. 
Bug 11384: Completely remove hidden toggle menu item. 
Backport Pending Tor Patches: 
Bug 9665: Report a bootstrap error if all bridges are unreachable 
Bug 11200: Prevent spurious error message prior to enabling network. 
Bug 5018: Don't launch Pluggable Transport helpers if not in use 
Bug 9229: Eliminate 60 second stall during bootstrap with some PTs 
Bug 11069: Detect and report Pluggable Transport bootstrap failures 
Bug 11156: Prevent spurious warning about missing pluggable transports 
Mac: 
Bug 4261: Use DMG instead of ZIP for Mac packages 
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows 
Linux: 
Bug 11190: Switch linux PT build process to python2 
Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds. 
Windows: 
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows 
Here is the changelog since the 3.6-beta-2: 
All Platforms 
Update Firefox to 24.5.0esr 
Update Tor Launcher to 0.2.5.4 
Bug 11482: Hide bridge settings prompt if no default bridges. 
Bug 11484: Show help button even if no default bridges. 
Update Torbutton to 1.6.9.0 
Bug 7439: Improve download warning dialog text. 
Bug 11384: Completely remove hidden toggle menu item. 
Update NoScript to 2.6.8.20 
Update fte transport to 0.2.13 
Backport Pending Tor Patches: 
Bug 11156: Additional obfsproxy startup error message fixes 
Bug 11586: Include license files for component software in Docs directory. 
Windows and Mac: 
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows builds 

Changes for v3.6 beta 1 - v3.6 beta 2
All Platforms 
Update OpenSSL to 1.0.1g 
Bug 9010: Add Turkish language support. 
Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion. 
Update fte transport to 0.2.12 
Update NoScript to 2.6.8.19 
Update Torbutton to 1.6.8.1 
Bug 11242: Fix improper 'update needed' message after in-place upgrade. 
Bug 10398: Ease translation of about:tor page elements 
Update Tor Launcher to 0.2.5.3 
Bug 9665: Localize Tor's unreachable bridges bootstrap error 
Backport Pending Tor Patches: 
Bug 9665: Report a bootstrap error if all bridges are unreachable 
Bug 11200: Prevent spurious error message prior to enabling network. 
Linux: 
Bug 11190: Switch linux PT build process to python2 
Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds. 
Windows: 
Bug 11286: Fix fte transport launch error 

Changes for v3.5.2.1 - v3.6 beta 1
All Platforms 
Update Firefox to 24.4.0esr 
Include Pluggable Transports by default: 
Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.6 are now included 
Update Tor Launcher to 0.2.5.1 
Bug 10418: Provide UI configuration for Pluggable Transports 
Bug 10604: Allow Tor status & error messages to be translated 
Bug 10894: Make bridge UI clear that helpdesk is a last resort for 
bridges 
Bug 10610: Clarify wizard UI text describing obstacles/blocking 
Bug 11074: Support Tails use case (XULRunner and optional 
customizations) 
Update Torbutton to 1.6.7.0: 
Bug 9901: Fix browser freeze due to content type sniffing 
Bug 10611: Add Swedish (sv) to extra locales to update 
Update NoScript to 2.6.8.17 
Update Tor to 0.2.4.21 
Backport Pending Tor Patches: 
Bug 5018: Don't launch Pluggable Transport helpers if not in use 
Bug 9229: Eliminate 60 second stall during bootstrap with some PTs 
Bug 11069: Detect and report Pluggable Transport bootstrap failures 
Bug 11156: Prevent spurious warning about missing pluggable transports 
Bug 10237: Disable the media cache to prevent disk leaks for videos 
Bug 10703: Force the default charset to avoid locale fingerprinting 
Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders) 
Mac: 
Bug 4271: Use DMG instead of ZIP for Mac packages 
Linux: 
Bug 9533: Fix keyboard input on Ubuntu 13.10 
Bug 9896: Provide debug symbols for Tor Browser binary 
Bug 10472: Pass arguments to the browser from Linux startup script 

Changes for v3.5.3 - v3.5.4
Update OpenSSL to 1.0.1g 

Changes for v3.5.2.1 - v3.5.3
All Platforms 
Update Firefox to 24.4.0esr 
Update Torbutton to 1.6.7.0: 
Bug 9901: Fix browser freeze due to content type sniffing 
Bug 10611: Add Swedish (sv) to extra locales to update 
Update NoScript to 2.6.8.17 
Update Tor to 0.2.4.21 
Bug 10237: Disable the media cache to prevent disk leaks for videos 
Bug 10703: Force the default charset to avoid locale fingerprinting 
Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders) 

Changes for v3.5.2 - v3.5.2.1
* All Platforms 
 3 * Bug 10895: Fix broken localized bundles 
 4 * Windows: 
 5 * Bug 10323: Remove unneeded gcc/libstdc++ libraries from dist 

Changes for v3.5.1 - v3.5.2
Rebase Tor Browser to Firefox 24.3.0ESR 
Bug 10800: Prevent findbox exception and popup in New Identity 
Bug 10640: Fix about:tor's update pointer position for RTL languages. 
Bug 10095: Fix some cases where resolution is not a multiple of 200x100 
Bug 10285: Clear site permissions on New Identity 
Bug 9738: Fix for auto-maximizing on browser start 
Bug 10682: Workaround to really disable updates for Torbutton 
Bug 10419: Don't allow connections to localhost if Torbutton is toggled 
Bug 10140: Move Japanese to extra locales (not part of TBB dist) 
Bug 10687: Add Basque (eu) to extra locales (not part of TBB dist) 
Update Tor Launcher to 0.2.4.4 
Bug 10682: Workaround to really disable updates for Tor Launcher 
Update NoScript to 2.6.8.13 

Changes for v2.3.25-13 - v2.3.25-14
Update Firefox to 17.0.10esr 
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f... 
Update LibPNG to 1.6.6 
Update NoScript to 2.6.8.4 
Update HTTPS-Everywhere to 3.4.2 
Firefox patch changes: 
Hide infobar for missing plugins. (closes: #9012) 
Change the default entry page for the addons tab to the installed addons page. (closes: #8364) 
Make flash objects really be click-to-play if flash is enabled. (closes: #9867) 
Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API. (closes: #3661) 
Remove polipo and privoxy from the banned ports list. (closes: #3661) 
misc: Fix a potential memory leak in the Image Cache isolation 
misc: Fix a potential crash if OS theme information is ever absent 

Changes for v2.3.25-12 - v2.3.25-13
Update Firefox to 17.0.9esr 
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f... 
Update HTTPS Everywhere to 3.4.1 
Update NoScript to 2.6.7.1 
Remove extraneous libevent libraries (closes: #9727) 
Enable GCC hardening for Tor 
Firefox patch changes: 
◦- Disable filtered results in Startpage omnibox (closes: #8839) 

Changes for v2.3.25-6 - v2.3.25-8
Update Firefox to 17.0.6esr 
Update HTTPS Everywhere to 3.2 
Update Torbutton to 1.5.2 
Update libpng to 1.5.15 
Update NoScript to 2.6.6.1 
Firefox patch changes: 
Apply font limits to @font-face local() fonts and disable fallback 
rendering for @font-face. (closes: #8455) 
Use Optimistic Data SOCKS handshake (improves page load performance). 
(closes: #3875) 
Honor the Windows theme for inverse text colors (without leaking those 
colors to content). (closes: #7920) 
Increase pipeline randomization and try harder to batch pipelined 
requests together. (closes: #8470) 
Fix an image cache isolation domain key misusage. May fix several image 
cache related crash bugs with New Identity, exit, and certain websites. 
(closes: #8628) 
Torbutton changes: 
Allow session restore if the user allows disk actvity (closes: #8457) 
Remove the Display Settings panel and associated locales (closes: #8301) 
Fix 'Transparent Torification' option. (closes: #6566) 
Fix a hang on New Identity. (closes: #8642) 
Build changes: 
Fetch our source deps from an https mirror (closes: #8286) 
Create watch scripts for syncing mirror sources and monitoring mirror 
integrity (closes: #8338) 

Changes for v2.3.25-4 - v2.3.25-5
Update Firefox to 17.0.4esr 
Update NoScript to 2.6.5.8 
Update HTTPS Everywhere to 3.1.4 
Fix non-English language bundles to have the correct branding 
Firefox patch changes: 
Remove 'This plugin is disabled' barrier 
This improves the user experience for HTML5 Youtube videos: 
They 'silently' attempt to load flash first, which was not so silent 
with this barrier in place. 
Disable NoScript's HTML5 media click-to-play barrier 
Fix a New Identity hang and/or crash condition 
Fix crash with Drag + Drop on Windows 
Torbutton changes: 
Fix Drag+Drop crash by using a new TBB drag observer 
Fix XML/E4X errors with Cookie Protections 
Don't clear cookies at shutdown if user wants disk history 
Leave IndexedDB and Offline Storage disabled. 
Clear DOM localStorage on New Identity. 
Don't strip 'third party' HTTP auth from favicons 
Localize the 'Spoof english' button strings 
Ask user for confirmation before enabling plugins 
Emit private browsing session clearing event on 'New Identity' 

Changes for v2.3.25-2 - v2.3.25-4
Update Firefox to 17.0.3esr 
Downgrade OpenSSL to 1.0.0k 
Update libpng to 1.5.14 
Update NoScript to 2.6.5.7 
Firefox patch changes: 
Exempt remote @font-face fonts from font limits (and prefer them). 
(closes: #8270) 
Remote fonts (aka 'User Fonts') are not a fingerprinting threat, so 
they should not count towards our CSS font count limits. Moreover, 
if a CSS font-family rule lists any remote fonts, those fonts are 
preferred over the local fonts, so we do not reduce the font count 
for that rule. 
This vastly improves rendering and typography for many websites. 
Disable WebRTC in Firefox build options. (closes: #8178) 
WebRTC isn't slated to be enabled until Firefox 18, but the code 
was getting compiled in already and is capable of creating UDP Sockets 
and bypassing Tor. We disable it from build as a safety measure. 
Move prefs.js into omni.ja and extension-overrides. (closes: #3944) 
This causes our browser pref changes to appear as defaults. It also 
means that future updates of TBB should preserve user pref settings. 
Fix a use-after-free that caused crashing on MacOS (closes: #8234) 
Eliminate several redundant, useless, and deprecated Firefox pref settings 
Report Firefox 17.0 as the Tor Browser user agent 
Use Firefox's click-to-play barrier for plugins instead of NoScript 
Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms 
This fixes a SOCKS race condition with our SOCKS autoport configuration 
and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy 
settings per URL now, which resulted in a proxy error for 
check.torproject.org if we lost the race. 
Torbutton was updated to 1.5.0. The following issues were fixed: 
Remove old toggle observers and related code (closes: #5279) 
Simplify Security Preference UI and associated pref updates (closes: #3100) 
Eliminate redundancy in our Flash/plugin disabling code (closes: #7470) 
Leave most preferences under Tor Browser's control (closes: #3944) 
Disable toggle-on-startup and crash detection logic (closes: #7974) 
Disable/remove toggle-mode code and related observers (closes: #5379) 
Add menu hint to Torbutton icon (closes: #6431) 
Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) 
Perform version check every time there's a new tab. (closes: #6096) 
Rate limit version check queries to once every 1.5hrs max. (closes: #6156) 
misc: Allow WebGL and DOM storage. 
misc: Disable independent Torbutton updates 
misc: Change the recommended SOCKSPort to 9150 (to match TBB) 
The following Firefox patch changes are also included in this release: 
Isolate image cache to url bar domain (closes: #5742 and #6539) 
Enable DOM storage and isolate it to url bar domain (closes: #6564) 
Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477) 
Misc preference changes: 
Disable DOM performance timers (dom.enable_performance) (closes: #6204) 
Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656) 
Disable full path information for plugins (plugin.expose_full_path) (closes: #6210) 
Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937) 
Tor Browser Bundle For Mac Os X 10.10
Changes for v2.3.25-1 - v2.3.25-2
Update Firefox to 10.0.12esr 
Update Libevent to 2.0.21-stable 
Update HTTPS Everywhere to 3.1.2 
Update NoScript to 2.6.4.2 

Changes for v2.2.39-5 - v2.3.25-1
Update Tor to 0.2.3.25 
Update Firefox 10.0.11esr 
Update Vidalia to 0.2.21 
Update NoScript to 2.6.2 

Changes for v2.2.39-4 - v2.2.39-5
Update Firefox to 10.0.10esr 
Update NoScript to 2.5.9 

Changes for v2.2.39-3 - v2.2.39-4
Update Firefox patches to prevent crashing (closes: #7128) 
Update HTTPS Everywhere to 3.0.2 
Update NoScript to 2.5.8 

Changes for v2.2.39-1 - v2.2.39-3
Update Firefox to 10.0.9esr 
Update Torbutton to 1.4.6.3 
Update NoScript to 2.5.7 
Update HTTPS Everywhere to 2.2.2 
Update libpng to 1.5.13 

Changes for v2.2.38-2 - v2.2.39-1
Update Tor to 0.2.2.39 
Update NoScript to 2.5.4 

Changes for v2.2.38-1 - v2.2.38-2
Update Firefox to 10.0.7esr 
Update Libevent to 2.0.20-stable 
Update NoScript to 2.5.2 
Update HTTPS Everywhere to 2.2.1 

Changes for v2.2.37-2 - v2.2.38-1
Update Tor to 0.2.2.38 
Update NoScript to 2.5 
Update HTTPS Everywhere to 2.1 

Changes for v2.2.37-2 - v2.3.20 alpha 1
Update Tor to 0.2.3.20-rc 
Update NoScript to 2.5 
Change the urlbar search engine to Startpage 
Firefox patch updates: 
Fix the Tor Browser SIGFPE crash bug 
Add a redirect API for HTTPS-Everywhere 
Enable WebGL (as click-to-play only) 

Changes for v2.2.35-11 - v2.2.35-12
Update OpenSSL to 1.0.1c 
Update Libevent to 2.0.19-stable 
Update zlib to 1.2.7 
Update NoScript to 2.4.1 

Changes for v2.2.35-10 - v2.2.35-11
Tor Browser Mac Os XSecurity release to stop TorBrowser from bypassing SOCKS proxy DNS configuration 
New Firefox patches: 
Prevent WebSocket DNS leak (closes: #5741) 
Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715) 
Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722) 
Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc 

Changes for v2.2.35-8 - v2.2.35-9
Update Firefox to 12.0 
Update OpenSSL to 1.0.1b 
Update Libevent to 2.0.18-stable 
Update Qt to 4.8.1 
Update Libpng to 1.5.10 
Update HTTPS Everywhere to 2.0.2 
Update NoScript to 2.3.9 
Rebrand Firefox to TorBrowser (closes: #2176) 
New Firefox patches 
Make Download Manager memory-only (closes: #4017) 
Add DuckDuckGo and Startpage to Omnibox (closes: #4902) 
Add Steven Michaud's OS X crash fix patch. It doesn't fix #5021 but will hopefully help us debug further. See also: 
https://bugzilla.mozilla.org/show_bug.cgi?id=715885#c35 
Make the 32-bit Tor Browser Bundle compatible with OS X 10.5 

Changes for v2.2.35-7 - v2.2.35-8
Tor Browser Bundle For Mac Os X 10.12Update Firefox to 11.0 
Update OpenSSL to 1.0.0h 
Update NoScript to 2.3.4 
Update HTTPS Everywhere to 2.0.1 
Always build to with warnings enabled (closes: #4470) 
Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) 
Windows 
Remove tor-resolve from the Windows bundle (closes: #5403) 
Mac OS X 
Give OS X users below 10.5 an incompatibility message (closes: #4356) 
Linux 
Don't attempt to load the default KDE 4 theme from Vidalia, because that fails when the Qt versions don't match (closes: #5214) 

Changes for v2.3.25-2 - v2.3.25-3
Update OpenSSL to 1.0.1d 
Update HTTPS Everywhere to 3.1.3 
Update NoScript to 2.6.4.4 

Get connectedIf you are in a country where Tor is blocked, you can configure Tor to connect to a bridge during the setup process. 
Select 'Tor is censored in my country.'
Tor Browser Bundle For Mac Os XIf Tor is not censored, one of the most common reasons Tor won't connect is an incorrect system clock. Please make sure it's set correctly.
 Read other FAQ's at our Support Portal Stay safePlease do not torrent over Tor. 
 Tor Browser will block browser plugins such as Flash, RealPlayer, QuickTime, and others: they can be manipulated into revealing your IP address.
We do not recommend installing additional add-ons or plugins into Tor Browser

All Platforms 
Update Firefox to 31.2.0esr 
Udate fteproxy to 0.2.19 
Update Tor to 0.2.5.8-rc (from 0.2.4.24) 
Update NoScript to 2.6.9.1 
Update Torbutton to 1.7.0.1 (from 1.6.12.3) 
Bug 13378: Prevent addon reordering in toolbars on first-run. 
Bug 10751: Adapt Torbutton to ESR31's Australis UI. 
Bug 13138: ESR31-about:tor shows 'Tor is not working' 
Bug 12947: Adapt session storage blocker to ESR 31. 
Bug 10716: Take care of drag/drop events in ESR 31. 
Bug 13366: Fix cert exemption dialog when disk storage is enabled. 
Update Tor Launcher to 0.2.7.0.1 (from 0.2.5.6) 
Bug 11405: Remove firewall prompt from wizard. 
Bug 12895: Mention @riseup.net as a valid bridge request email address 
Bug 12444: Provide feedback when 'Copy Tor Log' is clicked. 
Bug 11199: Improve error messages if Tor exits unexpectedly 
Bug 12451: Add option to hide TBB's logo 
Bug 11193: Change 'Tor Browser Bundle' to 'Tor Browser' 
Bug 11471: Ensure text fits the initial configuration dialog 
Bug 9516: Send Tor Launcher log messages to Browser Console 
Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads 
Bug 13016: Hide CSS -moz-osx-font-smoothing values. 
Bug 13356: Meek and other symlinks missing after complete update. 
Bug 13025: Spoof screen orientation to landscape-primary. 
Bug 13346: Disable Firefox 'slow to start' warnings and recordkeeping. 
Bug 13318: Minimize number of buttons on the browser toolbar. 
Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript) 
Bug 13023: Disable the gamepad API. 
Bug 13021: Prompt before allowing Canvas isPointIn*() calls. 
Bug 12460: Several cross-compilation and gitian fixes (see child tickets) 
Bug 13186: Disable DOM Performance timers 
Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage 
Bug 4234: Automatic Update support (off by default) 
Bug 11641: Reorganize bundle directory structure to mimic Firefox 
Bug 10819: Create a preference to enable/disable third party isolation 
Bug 13416: Defend against new SSLv3 attack (poodle). 
Windows: 
Bug 10065: Enable DEP, ASLR, and SSP hardening options 
Linux: 
Bug 13031: Add full RELRO hardening protection. 
Bug 10178: Make it easier to set an alternate Tor control port and password 
Bug 11102: Set Window Class to 'Tor Browser' to aid in Desktop navigation 
Bug 12249: Don't create PT debug files anymore 

Changes for v3.6.5 - v3.6.6
Update Tor to tor-0.2.4.24 
Update Firefox to 24.8.1esr 
Update NoScript to 2.6.8.42 
Update HTTPS Everywhere to 4.0.1 
Bug 12998: Prevent intermediate certs from being written to disk 
Update Torbutton to 1.6.12.3 
Bug 13091: Use 'Tor Browser' everywhere 
Bug 10804: Workaround fix for some cases of startup hang 

Changes for v3.6.3 - v3.6.4
Not yet .... 

Changes for v3.6.2 - v3.6.3
Update Firefox to 24.7.0esr 
Update obfsproxy to 0.2.12 
Update FTE to 0.2.17 
Update NoScript to 2.6.8.33 
Update HTTPS Everywhere to 3.5.3 
Bug 12673: Update FTE bridges 
Update Torbutton to 1.6.11.0 
Bug 12221: Remove obsolete Javascript components from the toggle era 
Bug 10819: Bind new third party isolation pref to Torbutton security UI 
Bug 9268: Fix some window resizing corner cases with DPI and taskbar size. 

Changes for v3.6.1 - v3.6.2
All Platforms 
Update Firefox to 24.6.0esr 
Update OpenSSL to 1.0.1h 
Update NoScript to 2.6.8.28 
Update Tor to 0.2.4.22 
Update Tor Launcher to 0.2.5.5 
Bug 10425: Provide geoip6 file location to Tor process 
Bug 11754: Remove untranslated locales that were dropped from Transifex 
Bug 11772: Set Proxy Type menu correctly after restart 
Bug 11699: Change   to in UI elements 
Update Torbutton to 1.6.10.0 
Bug 11510: about:tor should not report success if tor proxy is unreachable 
Bug 11783: Avoid b.webProgress error when double-clicking on New Identity 
Bug 11722: Add hidden pref to force remote Tor check 
Bug 11763: Fix pref dialog double-click race that caused settings to be reset 
Bug 11629: Support proxies with Pluggable Transports 
Updates FTEProxy to 0.2.15 
Updates obfsproxy to 0.2.9 
Backported Tor Patches: 
Bug 11654: Fix malformed log message in bug11156 patch. 
Bug 10425: Add in Tor's geoip6 files to the bundle distribution 
Bugs 11834 and 11835: Include Pluggable Transport documentation 
Bug 9701: Prevent ClipBoardCache from writing to disk. 
Bug 12146: Make the CONNECT Host header the same as the Request-URI. 
Bug 12212: Disable deprecated webaudio API 
Bug 11253: Turn on TLS 1.1 and 1.2. 
Bug 11817: Don't send startup time information to Mozilla. 

Changes for v3.6 - v3.6.1
All Platforms 
Update HTTPS-Everywhere to 3.5.1 
Update NoScript to 2.6.8.22 
Bug 11658: Fix proxy configuration for non-Pluggable Transports users 
Backport Pending Tor Patches: 
Bug 8402: Allow Tor proxy configuration while PTs are present 
Note: The Pluggable Transports themselves have not been updated to support proxy configuration yet. 

Changes for v3.5.4 - v3.6
All Platforms 
Update Firefox to 24.5.0esr 
Include Pluggable Transports by default: 
Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.13 are now included 
Bug 11586: Include license files for component software in Docs directory. 
Bug 9010: Add Turkish language support. 
Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion. 
Update NoScript to 2.6.8.20 
Update Tor Launcher to 0.2.5.4 
Bug 9665: Localize Tor's unreachable bridges bootstrap error 
Bug 10418: Provide UI configuration for Pluggable Transports 
Bug 10604: Allow Tor status & error messages to be translated 
Bug 10894: Make bridge UI clear that helpdesk is a last resort for bridges 
Bug 10610: Clarify wizard UI text describing obstacles/blocking 
Bug 11074: Support Tails use case (XULRunner and optional customizations) 
Bug 11482: Hide bridge settings prompt if no default bridges. 
Bug 11484: Show help button even if no default bridges. 
Update Torbutton to 1.6.9.0: 
Bug 11242: Fix improper 'update needed' message after in-place upgrade. 
Bug 10398: Ease translation of about:tor page elements 
Bug 9901: Fix browser freeze due to content type sniffing 
Bug 10611: Add Swedish (sv) to extra locales to update 
Bug 7439: Improve download warning dialog text. 
Bug 11384: Completely remove hidden toggle menu item. 
Backport Pending Tor Patches: 
Bug 9665: Report a bootstrap error if all bridges are unreachable 
Bug 11200: Prevent spurious error message prior to enabling network. 
Bug 5018: Don't launch Pluggable Transport helpers if not in use 
Bug 9229: Eliminate 60 second stall during bootstrap with some PTs 
Bug 11069: Detect and report Pluggable Transport bootstrap failures 
Bug 11156: Prevent spurious warning about missing pluggable transports 
Mac: 
Bug 4261: Use DMG instead of ZIP for Mac packages 
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows 
Linux: 
Bug 11190: Switch linux PT build process to python2 
Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds. 
Windows: 
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows 
Here is the changelog since the 3.6-beta-2: 
All Platforms 
Update Firefox to 24.5.0esr 
Update Tor Launcher to 0.2.5.4 
Bug 11482: Hide bridge settings prompt if no default bridges. 
Bug 11484: Show help button even if no default bridges. 
Update Torbutton to 1.6.9.0 
Bug 7439: Improve download warning dialog text. 
Bug 11384: Completely remove hidden toggle menu item. 
Update NoScript to 2.6.8.20 
Update fte transport to 0.2.13 
Backport Pending Tor Patches: 
Bug 11156: Additional obfsproxy startup error message fixes 
Bug 11586: Include license files for component software in Docs directory. 
Windows and Mac: 
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows builds 

Changes for v3.6 beta 1 - v3.6 beta 2
All Platforms 
Update OpenSSL to 1.0.1g 
Bug 9010: Add Turkish language support. 
Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion. 
Update fte transport to 0.2.12 
Update NoScript to 2.6.8.19 
Update Torbutton to 1.6.8.1 
Bug 11242: Fix improper 'update needed' message after in-place upgrade. 
Bug 10398: Ease translation of about:tor page elements 
Update Tor Launcher to 0.2.5.3 
Bug 9665: Localize Tor's unreachable bridges bootstrap error 
Backport Pending Tor Patches: 
Bug 9665: Report a bootstrap error if all bridges are unreachable 
Bug 11200: Prevent spurious error message prior to enabling network. 
Linux: 
Bug 11190: Switch linux PT build process to python2 
Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds. 
Windows: 
Bug 11286: Fix fte transport launch error 

Changes for v3.5.2.1 - v3.6 beta 1
All Platforms 
Update Firefox to 24.4.0esr 
Include Pluggable Transports by default: 
Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.6 are now included 
Update Tor Launcher to 0.2.5.1 
Bug 10418: Provide UI configuration for Pluggable Transports 
Bug 10604: Allow Tor status & error messages to be translated 
Bug 10894: Make bridge UI clear that helpdesk is a last resort for 
bridges 
Bug 10610: Clarify wizard UI text describing obstacles/blocking 
Bug 11074: Support Tails use case (XULRunner and optional 
customizations) 
Update Torbutton to 1.6.7.0: 
Bug 9901: Fix browser freeze due to content type sniffing 
Bug 10611: Add Swedish (sv) to extra locales to update 
Update NoScript to 2.6.8.17 
Update Tor to 0.2.4.21 
Backport Pending Tor Patches: 
Bug 5018: Don't launch Pluggable Transport helpers if not in use 
Bug 9229: Eliminate 60 second stall during bootstrap with some PTs 
Bug 11069: Detect and report Pluggable Transport bootstrap failures 
Bug 11156: Prevent spurious warning about missing pluggable transports 
Bug 10237: Disable the media cache to prevent disk leaks for videos 
Bug 10703: Force the default charset to avoid locale fingerprinting 
Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders) 
Mac: 
Bug 4271: Use DMG instead of ZIP for Mac packages 
Linux: 
Bug 9533: Fix keyboard input on Ubuntu 13.10 
Bug 9896: Provide debug symbols for Tor Browser binary 
Bug 10472: Pass arguments to the browser from Linux startup script 

Changes for v3.5.3 - v3.5.4
Update OpenSSL to 1.0.1g 

Changes for v3.5.2.1 - v3.5.3
All Platforms 
Update Firefox to 24.4.0esr 
Update Torbutton to 1.6.7.0: 
Bug 9901: Fix browser freeze due to content type sniffing 
Bug 10611: Add Swedish (sv) to extra locales to update 
Update NoScript to 2.6.8.17 
Update Tor to 0.2.4.21 
Bug 10237: Disable the media cache to prevent disk leaks for videos 
Bug 10703: Force the default charset to avoid locale fingerprinting 
Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders) 

Changes for v3.5.2 - v3.5.2.1
* All Platforms 
 3 * Bug 10895: Fix broken localized bundles 
 4 * Windows: 
 5 * Bug 10323: Remove unneeded gcc/libstdc++ libraries from dist 

Changes for v3.5.1 - v3.5.2
Rebase Tor Browser to Firefox 24.3.0ESR 
Bug 10800: Prevent findbox exception and popup in New Identity 
Bug 10640: Fix about:tor's update pointer position for RTL languages. 
Bug 10095: Fix some cases where resolution is not a multiple of 200x100 
Bug 10285: Clear site permissions on New Identity 
Bug 9738: Fix for auto-maximizing on browser start 
Bug 10682: Workaround to really disable updates for Torbutton 
Bug 10419: Don't allow connections to localhost if Torbutton is toggled 
Bug 10140: Move Japanese to extra locales (not part of TBB dist) 
Bug 10687: Add Basque (eu) to extra locales (not part of TBB dist) 
Update Tor Launcher to 0.2.4.4 
Bug 10682: Workaround to really disable updates for Tor Launcher 
Update NoScript to 2.6.8.13 

Changes for v2.3.25-13 - v2.3.25-14
Update Firefox to 17.0.10esr 
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f... 
Update LibPNG to 1.6.6 
Update NoScript to 2.6.8.4 
Update HTTPS-Everywhere to 3.4.2 
Firefox patch changes: 
Hide infobar for missing plugins. (closes: #9012) 
Change the default entry page for the addons tab to the installed addons page. (closes: #8364) 
Make flash objects really be click-to-play if flash is enabled. (closes: #9867) 
Make getFirstPartyURI log+handle errors internally to simplify caller usage of the API. (closes: #3661) 
Remove polipo and privoxy from the banned ports list. (closes: #3661) 
misc: Fix a potential memory leak in the Image Cache isolation 
misc: Fix a potential crash if OS theme information is ever absent 

Changes for v2.3.25-12 - v2.3.25-13
Update Firefox to 17.0.9esr 
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f... 
Update HTTPS Everywhere to 3.4.1 
Update NoScript to 2.6.7.1 
Remove extraneous libevent libraries (closes: #9727) 
Enable GCC hardening for Tor 
Firefox patch changes: 
◦- Disable filtered results in Startpage omnibox (closes: #8839) 

Changes for v2.3.25-6 - v2.3.25-8
Update Firefox to 17.0.6esr 
Update HTTPS Everywhere to 3.2 
Update Torbutton to 1.5.2 
Update libpng to 1.5.15 
Update NoScript to 2.6.6.1 
Firefox patch changes: 
Apply font limits to @font-face local() fonts and disable fallback 
rendering for @font-face. (closes: #8455) 
Use Optimistic Data SOCKS handshake (improves page load performance). 
(closes: #3875) 
Honor the Windows theme for inverse text colors (without leaking those 
colors to content). (closes: #7920) 
Increase pipeline randomization and try harder to batch pipelined 
requests together. (closes: #8470) 
Fix an image cache isolation domain key misusage. May fix several image 
cache related crash bugs with New Identity, exit, and certain websites. 
(closes: #8628) 
Torbutton changes: 
Allow session restore if the user allows disk actvity (closes: #8457) 
Remove the Display Settings panel and associated locales (closes: #8301) 
Fix 'Transparent Torification' option. (closes: #6566) 
Fix a hang on New Identity. (closes: #8642) 
Build changes: 
Fetch our source deps from an https mirror (closes: #8286) 
Create watch scripts for syncing mirror sources and monitoring mirror 
integrity (closes: #8338) 

Changes for v2.3.25-4 - v2.3.25-5
Update Firefox to 17.0.4esr 
Update NoScript to 2.6.5.8 
Update HTTPS Everywhere to 3.1.4 
Fix non-English language bundles to have the correct branding 
Firefox patch changes: 
Remove 'This plugin is disabled' barrier 
This improves the user experience for HTML5 Youtube videos: 
They 'silently' attempt to load flash first, which was not so silent 
with this barrier in place. 
Disable NoScript's HTML5 media click-to-play barrier 
Fix a New Identity hang and/or crash condition 
Fix crash with Drag + Drop on Windows 
Torbutton changes: 
Fix Drag+Drop crash by using a new TBB drag observer 
Fix XML/E4X errors with Cookie Protections 
Don't clear cookies at shutdown if user wants disk history 
Leave IndexedDB and Offline Storage disabled. 
Clear DOM localStorage on New Identity. 
Don't strip 'third party' HTTP auth from favicons 
Localize the 'Spoof english' button strings 
Ask user for confirmation before enabling plugins 
Emit private browsing session clearing event on 'New Identity' 

Changes for v2.3.25-2 - v2.3.25-4
Update Firefox to 17.0.3esr 
Downgrade OpenSSL to 1.0.0k 
Update libpng to 1.5.14 
Update NoScript to 2.6.5.7 
Firefox patch changes: 
Exempt remote @font-face fonts from font limits (and prefer them). 
(closes: #8270) 
Remote fonts (aka 'User Fonts') are not a fingerprinting threat, so 
they should not count towards our CSS font count limits. Moreover, 
if a CSS font-family rule lists any remote fonts, those fonts are 
preferred over the local fonts, so we do not reduce the font count 
for that rule. 
This vastly improves rendering and typography for many websites. 
Disable WebRTC in Firefox build options. (closes: #8178) 
WebRTC isn't slated to be enabled until Firefox 18, but the code 
was getting compiled in already and is capable of creating UDP Sockets 
and bypassing Tor. We disable it from build as a safety measure. 
Move prefs.js into omni.ja and extension-overrides. (closes: #3944) 
This causes our browser pref changes to appear as defaults. It also 
means that future updates of TBB should preserve user pref settings. 
Fix a use-after-free that caused crashing on MacOS (closes: #8234) 
Eliminate several redundant, useless, and deprecated Firefox pref settings 
Report Firefox 17.0 as the Tor Browser user agent 
Use Firefox's click-to-play barrier for plugins instead of NoScript 
Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms 
This fixes a SOCKS race condition with our SOCKS autoport configuration 
and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy 
settings per URL now, which resulted in a proxy error for 
check.torproject.org if we lost the race. 
Torbutton was updated to 1.5.0. The following issues were fixed: 
Remove old toggle observers and related code (closes: #5279) 
Simplify Security Preference UI and associated pref updates (closes: #3100) 
Eliminate redundancy in our Flash/plugin disabling code (closes: #7470) 
Leave most preferences under Tor Browser's control (closes: #3944) 
Disable toggle-on-startup and crash detection logic (closes: #7974) 
Disable/remove toggle-mode code and related observers (closes: #5379) 
Add menu hint to Torbutton icon (closes: #6431) 
Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) 
Perform version check every time there's a new tab. (closes: #6096) 
Rate limit version check queries to once every 1.5hrs max. (closes: #6156) 
misc: Allow WebGL and DOM storage. 
misc: Disable independent Torbutton updates 
misc: Change the recommended SOCKSPort to 9150 (to match TBB) 
The following Firefox patch changes are also included in this release: 
Isolate image cache to url bar domain (closes: #5742 and #6539) 
Enable DOM storage and isolate it to url bar domain (closes: #6564) 
Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477) 
Misc preference changes: 
Disable DOM performance timers (dom.enable_performance) (closes: #6204) 
Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656) 
Disable full path information for plugins (plugin.expose_full_path) (closes: #6210) 
Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937) 
Tor Browser Bundle For Mac Os X 10.10
Changes for v2.3.25-1 - v2.3.25-2
Update Firefox to 10.0.12esr 
Update Libevent to 2.0.21-stable 
Update HTTPS Everywhere to 3.1.2 
Update NoScript to 2.6.4.2 

Changes for v2.2.39-5 - v2.3.25-1
Update Tor to 0.2.3.25 
Update Firefox 10.0.11esr 
Update Vidalia to 0.2.21 
Update NoScript to 2.6.2 

Changes for v2.2.39-4 - v2.2.39-5
Update Firefox to 10.0.10esr 
Update NoScript to 2.5.9 

Changes for v2.2.39-3 - v2.2.39-4
Update Firefox patches to prevent crashing (closes: #7128) 
Update HTTPS Everywhere to 3.0.2 
Update NoScript to 2.5.8 

Changes for v2.2.39-1 - v2.2.39-3
Update Firefox to 10.0.9esr 
Update Torbutton to 1.4.6.3 
Update NoScript to 2.5.7 
Update HTTPS Everywhere to 2.2.2 
Update libpng to 1.5.13 

Changes for v2.2.38-2 - v2.2.39-1
Update Tor to 0.2.2.39 
Update NoScript to 2.5.4 

Changes for v2.2.38-1 - v2.2.38-2
Update Firefox to 10.0.7esr 
Update Libevent to 2.0.20-stable 
Update NoScript to 2.5.2 
Update HTTPS Everywhere to 2.2.1 

Changes for v2.2.37-2 - v2.2.38-1
Update Tor to 0.2.2.38 
Update NoScript to 2.5 
Update HTTPS Everywhere to 2.1 

Changes for v2.2.37-2 - v2.3.20 alpha 1
Update Tor to 0.2.3.20-rc 
Update NoScript to 2.5 
Change the urlbar search engine to Startpage 
Firefox patch updates: 
Fix the Tor Browser SIGFPE crash bug 
Add a redirect API for HTTPS-Everywhere 
Enable WebGL (as click-to-play only) 

Changes for v2.2.35-11 - v2.2.35-12
Update OpenSSL to 1.0.1c 
Update Libevent to 2.0.19-stable 
Update zlib to 1.2.7 
Update NoScript to 2.4.1 

Changes for v2.2.35-10 - v2.2.35-11
Tor Browser Mac Os XSecurity release to stop TorBrowser from bypassing SOCKS proxy DNS configuration 
New Firefox patches: 
Prevent WebSocket DNS leak (closes: #5741) 
Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715) 
Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722) 
Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc 

Changes for v2.2.35-8 - v2.2.35-9
Update Firefox to 12.0 
Update OpenSSL to 1.0.1b 
Update Libevent to 2.0.18-stable 
Update Qt to 4.8.1 
Update Libpng to 1.5.10 
Update HTTPS Everywhere to 2.0.2 
Update NoScript to 2.3.9 
Rebrand Firefox to TorBrowser (closes: #2176) 
New Firefox patches 
Make Download Manager memory-only (closes: #4017) 
Add DuckDuckGo and Startpage to Omnibox (closes: #4902) 
Add Steven Michaud's OS X crash fix patch. It doesn't fix #5021 but will hopefully help us debug further. See also: 
https://bugzilla.mozilla.org/show_bug.cgi?id=715885#c35 
Make the 32-bit Tor Browser Bundle compatible with OS X 10.5 

Changes for v2.2.35-7 - v2.2.35-8
Tor Browser Bundle For Mac Os X 10.12Update Firefox to 11.0 
Update OpenSSL to 1.0.0h 
Update NoScript to 2.3.4 
Update HTTPS Everywhere to 2.0.1 
Always build to with warnings enabled (closes: #4470) 
Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) 
Windows 
Remove tor-resolve from the Windows bundle (closes: #5403) 
Mac OS X 
Give OS X users below 10.5 an incompatibility message (closes: #4356) 
Linux 
Don't attempt to load the default KDE 4 theme from Vidalia, because that fails when the Qt versions don't match (closes: #5214) 

Changes for v2.3.25-2 - v2.3.25-3
Update OpenSSL to 1.0.1d 
Update HTTPS Everywhere to 3.1.3 
Update NoScript to 2.6.4.4 

Get connectedIf you are in a country where Tor is blocked, you can configure Tor to connect to a bridge during the setup process. 
Select 'Tor is censored in my country.'
Tor Browser Bundle For Mac Os XIf Tor is not censored, one of the most common reasons Tor won't connect is an incorrect system clock. Please make sure it's set correctly.
 Read other FAQ's at our Support Portal Stay safePlease do not torrent over Tor. 
 Tor Browser will block browser plugins such as Flash, RealPlayer, QuickTime, and others: they can be manipulated into revealing your IP address.
We do not recommend installing additional add-ons or plugins into Tor Browser
Web Browsers Mac Os XPlugins or addons may bypass Tor or compromise your privacy. Tor Browser already comes with HTTPS Everywhere, NoScript, and other patches to protect your privacy and security.
Check out the Tor Browser manual for more troubleshooting tips.
Stand up for privacy and freedom online.We're a nonprofit organization and rely on supporters like you to help us keep Tor robust and secure for millions of people worldwide.
Donate Now