The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-02-03T19:06:19Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21798Does not display the manually added root certificats2022-02-03T19:06:19ZTracDoes not display the manually added root certificatsI added the certificate of a custom AC ("Import") and now I want to remove it. But it does not appear in the list "View Certificates", making it impossible to remove.
Tor Browser 6.5.1 (updated today) running on a Debian machine. I test...I added the certificate of a custom AC ("Import") and now I want to remove it. But it does not appear in the list "View Certificates", making it impossible to remove.
Tor Browser 6.5.1 (updated today) running on a Debian machine. I tested with the CAcert http://cacert.org/ root certificate.
On the same machine, a Firefox 45.7.0 does not show the problem: "View certificates" show me my manually added certificates.
**Trac**:
**Username**: bortzmeyerhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21763Improve Cookie settings2022-07-26T12:50:13ZcypherpunksImprove Cookie settingsabout:preferences#privacy
Before:
[_] Accept Cookies from sites
After:
[_] Accept Cookies from clearnet sites
[X] Accept Cookies from .onion sites
I had to add my .onion site to "Exceptions"(Allow for session).
It automatically cleare...about:preferences#privacy
Before:
[_] Accept Cookies from sites
After:
[_] Accept Cookies from clearnet sites
[X] Accept Cookies from .onion sites
I had to add my .onion site to "Exceptions"(Allow for session).
It automatically cleared when I restart the browser.
Please make this permanent by:
a) Add new option: [X] Don't clear my cookie exceptions list.
b) Or, add new cookie option, like above.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21483DuckDuckGo Onion should be the default instead of DuckDuckGo2023-06-14T21:14:29ZTracDuckDuckGo Onion should be the default instead of DuckDuckGoNow that single onion services are a thing it seems that DuckDuckGo Onion should be the default
**Trac**:
**Username**: lolscreenNow that single onion services are a thing it seems that DuckDuckGo Onion should be the default
**Trac**:
**Username**: lolscreenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21444Webcam light flashes when I open NoScript menu2022-02-03T19:06:33ZTracWebcam light flashes when I open NoScript menuWhen I click the "NoScript" icon in Tor Browser Bundle version 6.5, my webcam light flashes for a split second, almost like it records something for a split second. I've been having this problem for a while, and decided it's time to file...When I click the "NoScript" icon in Tor Browser Bundle version 6.5, my webcam light flashes for a split second, almost like it records something for a split second. I've been having this problem for a while, and decided it's time to file a bug report for this.
I'm running Gentoo kernel version 4.9.6, I have installed the Tor Browser Bundle with the layman repo git://github.com/MeisterP/torbrowser-overlay.git, and my webcam is a USB device, works properly using V4L kernel drivers, and is considered a UVC input device.
I can record a video of this happening if anybody thinks it would be helpful.
Thanks,
ChatTor
**Trac**:
**Username**: ChatTorhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21331Incorrect default browser window size for ver6.5 on 1024 x 768 resolution s...2022-02-03T19:06:33ZTracIncorrect default browser window size for ver6.5 on 1024 x 768 resolution screens.Starting with Tor Browser Bundle 6.5 A2 or A3 the default browser window size upon startup is incorrect for monitor resolutions of 1024 x 768. The browser window is too narrow and short compared to the 6.0 version. This handicaps...Starting with Tor Browser Bundle 6.5 A2 or A3 the default browser window size upon startup is incorrect for monitor resolutions of 1024 x 768. The browser window is too narrow and short compared to the 6.0 version. This handicaps anonymity.
**Trac**:
**Username**: torgurlhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21224Youtube fullscreen errorr in TBB fullscreen mode on MacOS 10.122022-06-22T15:56:57ZTracYoutube fullscreen errorr in TBB fullscreen mode on MacOS 10.12Since the window resizing logic was updated in the 6.5 alphas there is a problem with fullscreen videos on Youtube.
I'm on a fully up to date MacOS Sierra installation and when I put the Tor Browser in the native Mac fullscreen mode and ...Since the window resizing logic was updated in the 6.5 alphas there is a problem with fullscreen videos on Youtube.
I'm on a fully up to date MacOS Sierra installation and when I put the Tor Browser in the native Mac fullscreen mode and then put a Youtube video in fullscreen from that window it only shows in a small rectangle in the upper left corner of the screen.
Other websites with video players don't have this problem.
When I take Tor Browser back out of its fullscreen mode then the Youtube video works fullscreen as normal again but it seems it is overlaying the window and not using the native Mac fullscreen apis.
I can make a screenshot if necessary but it should be easily reproducible.
**Trac**:
**Username**: exattohttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20795Torbrowser crashes if it can't DNS resolve the Socks5Proxy host in torrc2022-02-03T19:06:33ZTracTorbrowser crashes if it can't DNS resolve the Socks5Proxy host in torrcUsing Torbrowser 6.0.6 on OS X Yosemite.
When in the office behind our corporate firewall I configure Torbrowser to use our socks5 proxy.
When at home Torbrowser crashes on launch.
If I delete the Sock5Proxy line from torrc it works.
...Using Torbrowser 6.0.6 on OS X Yosemite.
When in the office behind our corporate firewall I configure Torbrowser to use our socks5 proxy.
When at home Torbrowser crashes on launch.
If I delete the Sock5Proxy line from torrc it works.
If I put a dummy entry for my office socks proxy host in /etc/hosts torbrowser doesn't crash.
Tor should trap a failed DNS resolve when validating the proxy config on launch and tell the user that it can't connect to the internet.
**Trac**:
**Username**: gaffer206https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20784TBB on OSX: "Something went wrong..."2021-07-14T17:00:34ZTracTBB on OSX: "Something went wrong..."I am new to TOR. Downloaded browser and went to open it. Once opened it stated "Something Went Wrong TOR not working in this browser. For help contact : help@rt.torproject.org
I'm running the latest version of OSX. I do not have a VPN ...I am new to TOR. Downloaded browser and went to open it. Once opened it stated "Something Went Wrong TOR not working in this browser. For help contact : help@rt.torproject.org
I'm running the latest version of OSX. I do not have a VPN as I can not afford to buy one...
Help!
**Trac**:
**Username**: devildevinehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20639Bundle tb-manual HTML pages inside Tor Browser2021-07-16T16:42:56ZArthur EdelsteinBundle tb-manual HTML pages inside Tor BrowserFollow up to legacy/trac#20614. Instead of linking to the Tor Browser manual on torproject.org, we should instead bundle it with the browser. And there should be a button that displays the manual to help users who are getting stuck tryin...Follow up to legacy/trac#20614. Instead of linking to the Tor Browser manual on torproject.org, we should instead bundle it with the browser. And there should be a button that displays the manual to help users who are getting stuck trying to connect to the tor network.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20557Upstream the BSD Diversity Project Tor Browser patches.2022-02-03T19:06:33ZYawning AngelUpstream the BSD Diversity Project Tor Browser patches.Inspired by legacy/trac#20497
They did the work in getting Tor Browser to build/run on OpenBSD, so we should review and merge/upstream patches if possible.
Patches: https://github.com/torbsd/openbsd-ports/tree/master/www/tor-browser/br...Inspired by legacy/trac#20497
They did the work in getting Tor Browser to build/run on OpenBSD, so we should review and merge/upstream patches if possible.
Patches: https://github.com/torbsd/openbsd-ports/tree/master/www/tor-browser/browser/patcheshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20328No cookies are visible, except...2022-02-03T19:06:33ZbugzillaNo cookies are visible, except...for some reason e.g. Trac cookies appear:
![TracCookies.png](uploads/TracCookies.png)for some reason e.g. Trac cookies appear:
![TracCookies.png](uploads/TracCookies.png)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20308TOR Browser crashes and dumps its core into my logs2022-02-03T19:06:33ZTracTOR Browser crashes and dumps its core into my logs-- Subject: Process 27351 (firefox) dumped core
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: man:core(5)
--
-- Process 27351 (firefox) crashed and dumped core.
--
-- T...-- Subject: Process 27351 (firefox) dumped core
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: man:core(5)
--
-- Process 27351 (firefox) crashed and dumped core.
--
-- This usually indicates a programming error in the crashing program and
-- should be reported to its vendor as a bug.
**Trac**:
**Username**: LtL0zF48kDJaGn3aYg6LTLXGaCPnLUVvhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20214Ultrasound Cross Device Tracking techniques could be used to launch deanonymi...2022-02-03T19:06:33ZTracUltrasound Cross Device Tracking techniques could be used to launch deanonymization attacks against some usersEmerging cross-device tracking technologies based on ultrasound could be used to fully deanonymize TOR users.
Advertisers started using ultrasounds to link multiple devices owned by the same user (i.e., perform ultrasound cross-device t...Emerging cross-device tracking technologies based on ultrasound could be used to fully deanonymize TOR users.
Advertisers started using ultrasounds to link multiple devices owned by the same user (i.e., perform ultrasound cross-device tracking, uXDT). For this purpose, they release advertising frameworks that can be incorporated in apps (e.g., android apps). These frameworks listen for series of tones in the ultrasonic spectrum, and once one is detected, they report it to the advertiser's servers.
It is easy to see how this could be exploited. The attacker sets up a hidden service playing such a beacon on the background and lures the victim to visit it using Tor browser. Once the victim loads the page, the tone is played through the speakers, and his/her phone picks the inaudible tone up and reports it to the advertiser's server. A state level adversary can then easily retrieve the Tor user's IP (and other unique identifiers) from the advertiser.
Since the technology is emerging, we believe that taking action now rather than later would be preferable.
One solution would be to filter-out all inaudible frequencies emitted by each visited webpage. We have developed such an extension for Chrome and a similar addon can be easily developed for the Tor browser. However, since there are similar tracking technologies using the audible spectrum: it may be a good idea to disable audio by default when using the Tor browser, or ask for user permission each time. In practice, this could be done by asking the user through popups, similarly to those used when requesting access to the user's location and the microphone.
We would be happy to provide more details and/or help in the development of a countermeasure for the Tor browser.
**Trac**:
**Username**: VasiliosMavroudishttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20202modify about:rights2022-02-03T19:08:57ZTracmodify about:rightsabout:rights informations need modifications
**Trac**:
**Username**: 4LPkTzgtabout:rights informations need modifications
**Trac**:
**Username**: 4LPkTzgthttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20100persistent libxul.so bug crashing TBB Linux/64 (but probably a bug in locally...2022-02-03T19:06:33ZTracpersistent libxul.so bug crashing TBB Linux/64 (but probably a bug in locally linked shared object)I have a TBB (Linux x86/64) that crashes every now and then (not reproducible as it seems quite random yet it's happening over multiple TBB versions): tor-browser-linux64-6.0.4_en-US.tar.xz and about 10 earlier versions. Both Ubuntu and ...I have a TBB (Linux x86/64) that crashes every now and then (not reproducible as it seems quite random yet it's happening over multiple TBB versions): tor-browser-linux64-6.0.4_en-US.tar.xz and about 10 earlier versions. Both Ubuntu and Debian latest stables.
Linux kernel log reveals the issue in libxul.so, always at the same mmap pointer [segment+4a4a000] Same segment in previous TBBs. The mmap range for libxul.so always is 04a4a000 - 04f25000.
Kernel message:
firefox[1202] trap stack segment ip:7f6032255894 sp:7ffc6cc8aae0 error:0 in libxul.so[7f60305a9000+4a4a000]
Now, libxul.so links to 69 locally installed shared libs. In future for tor security, I believe this is interesting to look at because they don't come with TBB. ldd libxul.so and see for yourself :)
I don't see a reason in sharing my libs outside TBB because at the moment I can't narrow it down more specifically (problem of reproduction). Any tips on how to do this are welcome (strace, ptrace have not wielded any clues and with gdb I don't know where to start as it appears random). So different debugging tips are welcome ;)
My question is simple: I want to figure out of there is a problem with my Linux install... So did more people with the tor-browser-linux64-6.0.4_en-US (and earlier) encountered crashes through libxul.so (specifically with the 4a4000 offset which is where the current TBB x64/64 libxul loads) ? With 69 linked shared objects on the local system, I think it's better to raise the general question on libxul crashes before diving into the depths.
**Trac**:
**Username**: sjamaanhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20019Proposal for TOR Browser extension2022-02-03T19:06:33ZTracProposal for TOR Browser extensionAt TU Darmstadt, we developed a Firefox Add-On PassSec+: https://www.secuso.informatik.tu-darmstadt.de/en/secuso-home/research/results/passsec/
PassSec+ has two key functions:
- Protection of passwords, bank details and other sensitive ...At TU Darmstadt, we developed a Firefox Add-On PassSec+: https://www.secuso.informatik.tu-darmstadt.de/en/secuso-home/research/results/passsec/
PassSec+ has two key functions:
- Protection of passwords, bank details and other sensitive data when https is not used
- Changing cookie settings for more privacy
We are wondering whether the TOR community is interested in integrating it in the TOR browser.
Kind regards,
Kristoffer
**Trac**:
**Username**: SECUSO_Kristofferhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19789always the same exit-node 5.255.61.130 (USA)-normal?2022-02-03T19:06:33ZTracalways the same exit-node 5.255.61.130 (USA)-normal?Very often creating new circle, always 5.255.61.130 (USA) is the exit-node. Normal? How to change?
**Trac**:
**Username**: toroVery often creating new circle, always 5.255.61.130 (USA) is the exit-node. Normal? How to change?
**Trac**:
**Username**: torohttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19726Tor permits web sites to maximize window2022-02-03T19:06:33ZTracTor permits web sites to maximize windowI can't pinpoint exactly which web site is doing it, but when I start the Tor browser with "restore tabs from last session" enabled, it will often maximize the window and then give a warning saying not to maximize the window. I'm not, an...I can't pinpoint exactly which web site is doing it, but when I start the Tor browser with "restore tabs from last session" enabled, it will often maximize the window and then give a warning saying not to maximize the window. I'm not, and Tor browser should not allow web sites to do so either.
Reproduction steps:
1. Enable "restore tabs from last session".
2. Find a web site which maximizes the window using e.g. JavaScript and enable javascript permanently for that site.
3. Close and reopen Tor Browser.
Expected results: Tor should prevent window maximize operations as it is a potential security risk.
Actual results: Tor allows window maximize operations.
**Trac**:
**Username**: oiafwejhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19719plugin prompt not displayed if no plugins available2022-06-18T02:49:30ZMark Smithplugin prompt not displayed if no plugins availableIf no plugins are available on the user's system, the "Are you sure you want to enable plugins?" prompt is not displayed. This is because the prompt is triggered by an "xpcom-category-entry-added" notification but no such notification is...If no plugins are available on the user's system, the "Are you sure you want to enable plugins?" prompt is not displayed. This is because the prompt is triggered by an "xpcom-category-entry-added" notification but no such notification is generated if no plugins are loaded.
In this case, we should also consider displaying a different message.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19517crashing in OS X on 6.0, 6.01, 6.022022-02-03T19:06:33Zcypherpunkscrashing in OS X on 6.0, 6.01, 6.02Should have sent this dump sooner.Should have sent this dump sooner.