New Alpha Release: Tor Browser 11.5a13 (Android, Windows, macOS, Linux)

by richard | July 2, 2022

Tor Browser 11.5a13 is now available from the Tor Browser download page and also from our distribution directory.

Tor Browser 11.5a13 updates Firefox on Windows, macOS, and Linux to 91.10.0esr.

We use the opportunity as well to update various other components of Tor Browser:

  • NoScript 11.4.6
  • Tor Launcher 0.2.36
  • Tor 0.4.7.8

This version includes important security updates to Firefox.

The full changelog since Tor Browser 11.5a12 is:


This is a companion discussion topic for the original entry at https://blog.torproject.org/new-release-tor-browser-115a13/
3 Likes

This Alpha patches multiple high severity vulnerabilities which aren’t patched in the stable so would it realistically be safer to use this instead or would the instability cause more potential problems than the vulnerabilities themselves?

Perhaps I’m missing something here but the only high severity security bugs I see are the one included in Firefox 91.10. The stable Tor Browser release was updated to Firefox 91.10 with the 11.0.14 release.

1 Like

Sorry, it was actually my mistake as I thought it was a list of currently active vulnerabilities but its actually a list of fixed vulnerabilities as you mentioned

It is however worth being aware that the Android app has not been updated to Firefox 91.10 so the vulnerabilities presumably still exist there? If so does anyone know when TBA will get 91.10 upgrade? @PieroV @aguestuser

i’m having troubles to connect. WHY? what was changed that my configuration doesn’t work
properly anymore?
i’m running a firewall. tor tries to connect to
Fastly, Inc. - San Francisco, California, United States on every launch.
151.101.1.69 151.101.65.69 151.101.129.69 151.101.193.69
platform: linux ; Tor Browser 11.5a13

You could check the logs.

1 Like

Hello.
91.x are ESR updates, but TBA is (currently) on the rapid release channel. The equivalent update would be Firefox 101.

Things on Android are complicated (many moving parts, the rapid release channel does not help and it needs one audit per month).
The latest plans were to update to 102 (so, skip 101), and then see if we can somehow keep Android on the ESR channel (Mozilla doesn’t have one for Android, so we’ll have to create it by ourselves).
But I don’t know about any ETA, nor whether we’ll sync with desktop first (the first alpha of 12.0 will be based on 102 ESR as well).

i have to revoke my complaint. i can’t reproduce this strange behavior exactly.
the fansly IPs seem to be a bridge. there was nothing useful in the tor logs.
no message like ‘tor is trying to connect to a brdge now’.

Thanks for getting back to me, as you are currently waiting to apply the 102 updates incorporating the 101 fixes would that mean the list of exploits will remain active until the 102 update is given?

1 Like

I guess it’s correct, except for the ones that were patched with an emergency Firefox release a while ago.

Good, could you please list the exploits which are still currently active until 102? Thanks

1 Like

Why is the previous torbrowser-install-win64-11.5a12_en-US.exe_r052922 75,960 KB.
This new one is much, much bigger torbrowser-install-win64-11.5a13_r062922 is so much bigger. 96,782 KB. By A Lot. What changed, I always keep an older one and never seen such a dramatic change in sizes.