Tor Browser 10.0.12 Is Released
The latest version of the Tor projects web browser bundle has their re-branded Mozilla Firefox browser updated to version 78.8.0esr, the NoScript for it updated to version 11.2.2 and the Tor client is updated to version 0.4.5.6. Firefox 78.8.0esr contains three high impact security fixes so Tor users who use this bundle should upgrade.
The Tor Browser is a bundle with a slightly modified version of Mozilla Firefox ESR, some browser extensions and a Tor client. It is developed by the Tor project, so the Tor Browser is less prone to very unfortunate and highly embarrassing gaping security holes like the DNS leaks in recent versions of the Brave Web Browser.
- CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
- CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
- CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
None of those appear to have the potential to compromise a Tor users identity, but they are security-related bugs and it is better to be safe than sorry if you use Tor for something critical.
The Android version has also been updated to Firefox 86.1.0. The Android version is fundamentally different from the desktop version and it uses regular Firefox versions instead of the ESR releases the desktop versions are based on.
Tor Browser version 10.0.12 for Windows, macOS, Linux and Android can be acquired from www.torproject.org/download/. The actual Tor Browser in the Tor Browser bundle assumes that you will use the Tor client in that bundle so you will have to do some manual configuration if you are already running a system-installed Tor client on your machine.