Software Update: Tor Browser 11.5.8


Version 11.5.8 of Tor Browser has been released. Tor stands for The Onion Router and is a network that can be used to browse the Internet fairly anonymously. Users' TCP traffic is routed through several Tor routers, after which it is virtually impossible for the recipient to find out who the original sender was. That information is still present within the Tor network, so that replies, which also travel through the chain of routers, eventually arrive at the right place. Version 11 is based on Firefox ESR 91, whereas version 10 was still based on ESR 78. The release notes for this release are as follows:

Tor Browser 11.5.8 (Android, Windows, macOS, Linux)

This release will not be published on Google Play due to their target API level requirements. Assuming we do not run into any major problems, Tor Browser 11.5.9 will be an Android-only release that fixes this issue.

Tor Browser 11.5.8 backports the following security updates from Firefox ESR 102.5 to Firefox ESR 91.13 on Windows, macOS and Linux:

  • CVE-2022-43680: In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
  • CVE-2022-45403: Service Workers might have learned size of cross-origin media files
  • CVE-2022-45404: Full screen notification bypass
  • CVE-2022-45405: Use-after-free in InputStream implementation
  • CVE-2022-45406: Use-after-free of a JavaScript Realm
  • CVE-2022-45408: Fullscreen notification bypass via windowName
  • CVE-2022-45409: Use-after-free in Garbage Collection
  • CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy
  • CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers
  • CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
  • CVE-2022-45416: Keystroke Side-Channel Leakage
  • CVE-2022-45420: Iframe contents could be rendered outside the iframe
  • CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

Tor Browser 11.5.8 updates GeckoView on Android to Firefox ESR 102.5 and includes important security updates. Tor Browser 11.5.8 backports the following security updates from Firefox 107 to Firefox ESR 102.5 on Android:

The full changelog since Tor Browser 11.5.7 is:

All Platforms

  • Update Translations
  • Update OpenSSL to 1.1.1s
  • Update NoScript to 11.4.12
  • Update tor to 0.4.7.11
  • Update zlib to 1.2.13
  • Bug tor-browser-build#40622: Update obfs4proxy to 0.0.14 in Tor Browser

Windows + macOS + Linux

Android

  • Update GeckoView to 102.5.0esr
  • Bug tor-browser#41461: Backport Android-specific 107-rr security fixes to 102.5-esr based GeckoView

Build

Version number: 11.5.8
Release status: Final
Operating systems: Windows 7, Android, Linux, macOS, Windows 8, Windows 10, Windows 11
Website: The Tor Project
License type: GPL