Tor Browser 3.6.5 发布,现已提供在 Tor Browser 项目页面和 distribution directory。
此版本包括了 Firefox 下的一个重要安全更新。
此版本同时改进了 canvas 图片提取权限提示;记录有攻击性的脚本 urls 到浏览器控制台;恢复丢失的 RELRO hardening 选项到 Linux 绑定;禁用 NTLM 和 Negotiate HTTP auth (会泄漏电脑的敏感信息);为了避免分辨率识别,默认弹出新标签。
完整更新记录:
所有平台
Bug 12684: New strings for canvas image extraction message
Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
Bug 9531: Workaround to avoid rare hangs during New Identity
Update Firefox to 24.8.0esr
Update NoScript to 2.6.8.39
Update HTTPS Everywhere to 4.0.0
Update Torbutton to 1.6.12.1
Bug 12684: Improve Canvas image extraction permissions prompt
Bug 7265: Only prompt for first party canvas access. Log all scripts
that attempt to extract canvas images to Browser console.
Bug 12974: Disable NTLM and Negotiate HTTP Auth
Bug 2874: Remove Components.* from content access (regression)
Bug 9881: Open popups in new tabs by default
Linux:
Bug 12103: Adding RELRO hardening back to browser binaries.
同时发布了 Tor Browser 4.0-alpha-2 版本:
此版本现已提供下载,同时也包括了 Firefox 下重要安全更新。
Tor Browser 4.0 alpha 2 是第一个启动浏览器内基于 Firefox 的更新器,也就是说 Tor Browser 能像 Firefox 一样收到提示然后更新,可以直接通过 browser UI 下载和安装。
除了更新工具,同时还重新启用了 Windows 上的一些基础特性: ASLR, DEP 和 SSP。
此外,还改进了 NoScript behavior。
完整改进记录:
All Platforms
Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with Firefox 24
Bug 12684: New strings for canvas image extraction message
Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
Bug 11405: Remove firewall prompt from wizard.
Bug 12895: Mention @riseup.net as a valid bridge request email address
Bug 12444: Provide feedback when “Copy Tor Log” is clicked.
Bug 11199: Improve error messages if Tor exits unexpectedly
Update Firefox to 24.8.0esr
Update NoScript to 2.6.8.39
Update Tor Launcher to 0.2.7.0
Update Torbutton to 1.6.12.1
Bug 12684: Improve Canvas image extraction permissions prompt
Bug 7265: Only prompt for first party canvas access. Log all scripts
that attempt to extract canvas images to Browser console.
Bug 12974: Disable NTLM and Negotiate HTTP Auth
Bug 2874: Remove Components.* from content access (regression)
Bug 4234: Automatic Update support (off by default)
Bug 9881: Open popups in new tabs by default
Meek Pluggable Transport:
Windows:
Bug 10065: Enable DEP, ASLR, and SSP hardening options
Linux:
Bug 12103: Adding RELRO hardening back to browser binaries.
Tor Browser Bundle 是一个基于 Firefox ESR (Firefox with extended support) 的 Web 浏览器,默认配置通过 Tor 和 Vidalia 实现了个人隐私保护和匿名。该版本包括三个扩展:Torbutton, NoScript and HTTPS-Everywhere.
软件详情:https://blog.torproject.org/blog/tor-browser-365-and-40-alpha-2-are-released
下载地址:https://www.torproject.org/download/download-easy.html
来自:开源中国社区
