CHANGELOG 27 KB
Newer Older
Mike Perry's avatar
Mike Perry committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
1.4.6
 30 May 2012
  * Bug 5710: Prevent all sessionstore data saving in TBB
  * Bug 5715: Explicitly clear image cache on TBB New Identity
  * Bug 4660: Clear search and find boxes on TBB New Identity
  * Bug 5729: Make New Identity and New Window a multiple of 200x100px
  * Bug 4755: Spoof screen coordinates for DOM MouseEvents
  * Bug 4718: Make TBB version check happen on New Window+New Identity
  * Bug 5758: Disable WebSockets and IndexedDB for non-TBB users
  * Bug 5863: Remove the ability to toggle Torbutton (to prevent leaks)
  * Bug 3838: Inform Torbutton users about TBB
  * Bug 5092: Sign Torbutton Updates
  * Bugs 5673+5732: Change captcha redirect to startpage.com
  * Bug 3845: Bump Firefox user agent to 10.0-ESR

Mike Perry's avatar
Mike Perry committed
16
17
18
19
1.4.5.1
  17 Dec 2011
  * bug 4722: Fix ability to drag tabs on Windows (due to #4517)

Mike Perry's avatar
Mike Perry committed
20
21
22
23
24
25
26
27
28
29
1.4.5
  14 Dec 2011
  * bug 4517: Disable external drag and drop (prevents proxy bypass)
  * bug 4099: Disable TLS session tickets to prevent linkability
  * bug 4603: Lower HTTP keep-alive timeout to reduce linkability
  * bug 4611: Notify user if "New Identity" fails
  * bug 4667: Close keep-alive connections on "New Identity" (TBB only)
  * bug 4453: Reset SOCKS host and port only when using "recommended settings"
  * misc: Perform versioncheck at startup regardless of session restore status

Mike Perry's avatar
Mike Perry committed
30
31
32
33
1.4.4.1
  11 Oct 2011
  * misc: Fix a homepage load error on Windows TBB first-run

Mike Perry's avatar
Mike Perry committed
34
35
36
37
38
39
40
41
42
43
1.4.4
  9 Oct 2011
  * bug 4197: Allow Torbutton formfill blocking to be disabled
  * bug 4058: Fix yet more issues with links opening in new tabs
  * bug 4161: Make TBB version check work w/ SocksPort auto builds
  * bug 3686: Fix loading of localized homepage on Debian
  * bug 4016: Resize window on "New Identity"
  * bug 3928: Implement CookieAuthFile password reading
  * misc: Fix scoping issue for some stream variables

44
45
46
47
48
49
50
1.4.3
  9 Sep 2011
  * bug 3933: Don't touch app.update.auto in TBB
  * bug 3960: Don't disable zoom.siteSpecific on TBB
  * bug 3928: Fix auto-scroll on twitter
  * bug 3649: Make permissions and disk errors human-readable

Mike Perry's avatar
Mike Perry committed
51
52
53
54
55
56
1.4.2
  3 Sep 2011
  * bug 3879: Fix broken framed sites (yopmail, gmane, gmaps, etc)
  * bug 3337: Fetch check.tp.o page to check versions (TBB only)
  * Bug 3754: Fix SafeCache OCSP errors (fix for TBB only)

Mike Perry's avatar
Mike Perry committed
57
58
59
60
61
62
63
64
65
66
67
68
1.4.1
  28 Aug 2011
  * bug 523: Implement New Identity (for TBB only)
  * bug 3580: Fix hotmail/live breakage (TBB only)
  * bug 3748: Disable 3rd party HTTP auth
  * bug 3665: Fix several corner cases SafeCache isolation
  * bug 3739: Fix https->http CORS failure for SafeCache
  * bug 3414: Isolate window.name based on referrer policy
  * bug 3809: Disable referer spoofing (fixes navigation issues)
  * bug 3819: Fix API issue with cookie protections
  * bug 3820: Fix warning w/ session store filter

Mike Perry's avatar
Mike Perry committed
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
1.4.0
  30 Jun 2011
  * bug 3101: Disable WebGL. Too many unknowns for now.
  * bug 3345: Make Google Captcha redirect work again.
  * bug 3399: Fix a reversed exception check found by arno.
  * bug 3177: Update torbutton to use new TorBrowser prefs.
  * bug 2843: Update proxy preferences window to support env var.
  * bug 2338: Force toggle at startup if tor is enabled
  * bug 3554: Make Cookie protections obey disk settings
  * bug 3441: Enable cookie protection UI by default.
  * bug 3446: We're Firefox 5.0, we swear.
  * bug #3506: Remove window resize event listener.
  * bug #1282: Set fixed window size for each new window.
  * bug #3508: Apply Stanford SafeCache patch (thanks Edward, Collin et al).
  * bug #2361: Make about window work again on FF4+.
Mike Perry's avatar
Mike Perry committed
84
  * bug #3436: T(A)ILS was renamed to Tails.
Mike Perry's avatar
Mike Perry committed
85
86
87
88
89
  * bugfix: Fix a transparent context menu issue on Linux FF4+.
  * misc: Squelch exception from app launcher in error console.
  * misc: Make DuckDuckGo the default Google Captcha redirect destination.
  * misc: Make it harder to accidentally toggle torbutton.

Mike Perry's avatar
Mike Perry committed
90
1.3.3-alpha
91
  01 May 2011
Mike Perry's avatar
Mike Perry committed
92
93
94
95
  * bug 2777: Clear OCSP cache on tor toggle
  * bug 2832: Update spoofed user agent to Firefox 4.0
  * bug 2838: Make cookie protections dialog work
  * bug 2819: Move JS hooks to new JS1.8.5 hooking support on FF4.
96
  * bug 3042: Fix version compatibility issue with FF4.0.1+
Mike Perry's avatar
Mike Perry committed
97

Mike Perry's avatar
Mike Perry committed
98
1.3.2-alpha
99
  21 Mar 2011
Mike Perry's avatar
Mike Perry committed
100
101
102
103
104
105
106
107
108
109
110
111
  * bug 1624: Use nsIDOMCrypto::logout() instead of the SSLv2 pref hack
  * bug 1999: Disable tor:// urls by default
  * bug 1968: Reset window.name on tor toggle
  * bug 2148: Make refspoofing more uniform
  * bug 2359: Fix XHTML DTD errors on FF4
  * bugs 2465+2421: Fix javascript hook exceptions+issues in FF4.0
  * bug 2458: Opt out of Firefox addon usage pings
  * bug 2377: Limit the Google captcha cookies copied between google TLDs
  * bug 2491: Clean up checks for when to jar protected cookies
  * bug 1110: Add popup to ask if we should spoof English Accept: headers
  * misc: Remove a noisy FF2 nsICookieManager2 fallback check.

Mike Perry's avatar
Mike Perry committed
112
1.3.1-alpha
113
  03 Jan 2011
114
115
116
  * bugfix: bug 1894: Amnesia is now called TAILS (patch from intrigeri)
  * bugfix: bug 2315: Remove reference to TorVM (patch from intrigeri)
  * bugfix: bug 2011: Fix preference dialog issues (patch from chrisdoble)
Mike Perry's avatar
Mike Perry committed
117
118
  * bugfix: Fix some incorrect log lines in RefSpoofer
  * new: Support Firefox 4.0 (many changes)
119
  * new: Place button in the nav-bar (FF4 killed the status-bar)
Mike Perry's avatar
Mike Perry committed
120
  * misc: No longer reimplement the session store, use new APIs instead
Mike Perry's avatar
Mike Perry committed
121
  * misc: Simplify crash detection and startup mode settings
Mike Perry's avatar
Mike Perry committed
122

Mike Perry's avatar
Mike Perry committed
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
1.3.0-alpha
  30 Sep 2010
  * new: Support for transparent proxies in settings
    (patch from Jacob Appelbaum and Kory Kirk)
  * new: tor:// and tors:// url support to auto-toggle into tor mode
    (patch from Kory Kirk)
  * new: Cookie manager to allow individual Cookie protection
    (patch from Kory Kirk)
  * new: Add referrer spoofing based on modified same origin policy
    (patch from Kory Kirk)
  * new: Add DuckDuckGo.com as a Google captcha redirect destination
    (patch from aiden tighe)
  * bugfix: bug 1911: Fix broken useragent locale string on debian
    (patch from lunar)
  * bugfix: Fix captcha detection for encrypted.google.com

Mike Perry's avatar
Mike Perry committed
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
1.2.5
  08 Apr 2010
  * bugfix: bug 1169: Fix blank popup conflict with CoolPreviews
  * bugfix: bug 1246: Fix IST and other HH:30 timezone issues.
  * bugfix: bug 1219: Fix the toggle warning loop issue on settings change.
  * bugfix: bug 1321: Fix a session restore bug when closing the last window
  * bugfix: bug 1302: Update useragent to FF3.6.3 on WinNT6.
  * bugfix: bug 1157: Add logic to handle torbutton crashed state conflicts
  * bugfix: bug 1235: Improve the 'changed-state' refresh warning message
  * bugfix: bug 1337: Bind alert windows to correct browser window
  * bugfix: bug 1055: Make the error console the default log output location
  * bugfix: bug 1032: Fix an exception in the localhost proxy filter
  * misc: Always tell a website our window size is rounded even if it's not
  * misc: Add some suggestions to warning about loading external content
  * new: Add option to always update Torbutton via Tor. On by default
  * new: Redirect Google queries elsewhere on captcha (default ixquick)
  * new: Strip identifying info off of Google searchbox queries

Mike Perry's avatar
Mike Perry committed
157
158
159
160
161
162
163
164
165
166
167
1.2.4
  16 Dec 2009
  * bugfix: bug 1169: Fix blank popup conflict with Google Toolbar
  * bugfix: bug 1171: Properly store and set network.dns.disablePrefetch
  * bugfix: bug 1165: Fix an exception on toggle in FF3.6
  * bugfix: bug 1163: Fix history loss in FF3.6
  * bugfix: Fix a typo error during logging
  * bugfix: Properly handle session restore in FF3.6
  * misc: Kill a warning message about missing properties in window-mapper.js
  * new: Add a new pref to disable Livemark updates during Tor usage (FF3.5+)

Mike Perry's avatar
Mike Perry committed
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
1.2.3
  02 Dec 2009
  * bugfix: bug 950: Preserve useragent and download settings across toggle
  * bugfix: bug 1014: Fix XML Parsing Error on XHTML sites in Tor mode
  * bugfix: bug 1041: Preserve tab history in FF3.5
  * bugfix: bug 1047: Fix spurious user agent change notice
  * bugfix: bug 1053: Partial fix for 'TypeError: browser is undefined' error
  * bugfix: bug 1084: Preserve HTTP accept language for Non-Tor usage
  * bugfix: bug 1085: Fix test settings issues with dead privoxy
  * bugfix: bug 1088: Clean up some namespace issues in the main chrome window
  * bugfix: bug 1091: Fix a lockup when 'Ask Every Time' cookie pref is set
  * bugfix: bug 1093: Fix cert acceptance dialogs in Firefox 3.5
  * bugfix: bug 1146: Fixes for properly handling tab restore in FF3.5
  * bugfix: bug 1152: Close tabs on toggle prevents toggling in FF3.5"
  * bugfix: bug 1154: Clarify "Last Tor test failed" message
  * misc: Disable geolocation in FF3.5 during Tor mode
  * misc: Disable DNS prefetch in FF3.5 in Tor mode and for Tor-loaded tabs
  * misc: Disable offline app cache during Tor mode
  * misc: Disable specific site zoom settings during Tor mode
  * new: Transfer Google cookies between country-code domains. This should
    make it such that captchas only need to be solved once per Tor session,
    as opposed to for each country.

Mike Perry's avatar
   
Mike Perry committed
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
1.2.2
  09 Aug 2009
  * bugfix: Workaround Firefox Bug 440892 to prevent external apps from 
    being launched (and thus bypassing proxy settings) without user 
    confirmation. Independently reported by Greg Fleischer and optimist.
  * bugfix: Create a separate "No Proxy For" option and remove the 
    string "localhost" from proxy exemptions. Prevents a theoretical
    proxy bypass condition discovered by optimist. Fix based on patch from
    optimist.
  * bugfix: bug 970: Purge undo tab list on Tor toggle.
  * bugfix: bug 1040: Scrub URLs from log level 4 and higher log messages. 
    Mac OS writes Firefox console messages to disk by default.
  * bugfix: bug 1033: Fix FoxyProxy conflict that caused some FoxyProxy 
    strings to fail to display.
  * misc: bug 1006: Pop up a more specific failure message for pref
    changing errors during Tor toggle.
  * misc: Fix a couple of strict javascript warns on FF3.5
  * misc: Add chrome url protection call to conceal other addons during
    non-Tor usage. Patch by Sebastian Lisken.
  * misc: Remove torbutton log system init message that may have scared some
    paranoids. 

Mike Perry's avatar
   
Mike Perry committed
213
1.2.1
Mike Perry's avatar
   
Mike Perry committed
214
  21 Mar 2009
Mike Perry's avatar
   
Mike Perry committed
215
216
217
218
219
220
221
  * bugfix: bug 773: Fixed Noscript conflict issue.
  * bugfix: bug 866: Fixed conflict with ZoTero
  * bugfix: bug 908: Make UserAgentSwitcher's 'default' button restore
    Torbutton's spoofed user agent if Tor is enabled.
  * bugfix: bug 909: Get Torbutton to "properly" react to users changing 
    their Firefox cookie lifetime settings as opposed to using the Torbutton 
    interface.
Mike Perry's avatar
   
Mike Perry committed
222
  * bugfix: bug 834: Fix session saving and startup issues
Mike Perry's avatar
   
Mike Perry committed
223
224
225
226
227
228
229
230
231
232
233
  * bugfix: bug 875: Removed docShell == null popup during toggle for 
    some users
  * bugfix: bug 910: fixed a locale spoofing issue in navigator.appVersion
  * bugfix: bug 747: Attempt to fix 'fullscreen' resizing issues.
  * bugfix: Stop-gap timezone spoofing fix for Linux and Mac 
    for FF3. Requires a one-line patch to Firefox for Windows to work.
  * bugfix: Clear SSL Session IDs on toggle. (See FF Bug 448747)
  * misc: bug 931: Added a socks v4 vs v5 version choice to custom prefs.
  * misc: bug 836: redesign startup preference window to make it more
    understandable
  * misc: Torbutton now presents itself as Windows FF3.0.7.
Mike Perry's avatar
   
Mike Perry committed
234
  * misc: Change RDF to allow Torbutton to run on FF3.1 betas.
Mike Perry's avatar
   
Mike Perry committed
235

Mike Perry's avatar
   
Mike Perry committed
236
1.2.0
Mike Perry's avatar
   
Mike Perry committed
237
  30 Jul 2008
Mike Perry's avatar
   
Mike Perry committed
238
239
240
241
242
243
244
245
  * bugfix: bug 777: Fix issue with locale spoofing breaking translations.
  * bugfix: bug 778: Preserve locale in spoofed version if user does not want
    locale spoofing.
  * bugfix: bug 780: Keep session cookies during Tor toggle.
  * bugfix: Potential fix for some PKCS#12 issues.
  * bugfix: Fix crash recovery and uninstall/upgrade to avoid cookie loss.
  * misc: Translation updates.

Mike Perry's avatar
   
Mike Perry committed
246
247
248
249
250
251
252
253
1.2.0rc6:
  12 Jul 2008
  * bugfix: Fix bug causing Firefox history to get cleared in some situations
  * bugfix: bug 753: Fix exception thrown during Tor toggle in some instances
  * bugfix: bug 758: Fix resize issue where 0x0 windows could be created
  * bugfix: Fix some potential permission denied issues with cookie jars
  * bugfix: bug 520: Fix issue where Javascript stayed disabled in some tabs
  * bugfix: Apply cookie lifetime settings to Tor settings on first install.
Roger Dingledine's avatar
Roger Dingledine committed
254
  * bugfix: Don't disable Firefox preferences when Torbutton is uninstalled
Mike Perry's avatar
   
Mike Perry committed
255
256
  * misc: Allow automatic updates in FF3 by default. They are secure now.
  * misc: Translation updates
Roger Dingledine's avatar
Roger Dingledine committed
257

Mike Perry's avatar
   
Mike Perry committed
258
1.2.0rc5
Mike Perry's avatar
   
Mike Perry committed
259
  06 Jul 2008
Mike Perry's avatar
   
Mike Perry committed
260
261
  * bugfix: bug 734: Fix exception with clearing history on toggle
  * bugfix: bug 735: Fix exception with blocking Non-Tor history writes
Mike Perry's avatar
   
Mike Perry committed
262
263
  * bugfix: bug 720: FF3 cookie jar fix submitted by arno
  * misc: translation updates for French, Farsi, and others
Mike Perry's avatar
   
Mike Perry committed
264
  * misc: demote "mapper check" log message to info
Mike Perry's avatar
   
Mike Perry committed
265
  * new: Option to not write cookie jars to disk submitted by arno
Mike Perry's avatar
   
Mike Perry committed
266

Mike Perry's avatar
   
Mike Perry committed
267
268
269
270
271
272
273
274
275
1.2.0rc4
  27 Jun 2008
  * misc: Refuse to jar cookies under Firefox 3. Lame workaround for Firefox
    Bug 439384, but it's the best we can do. At least we won't destroy
    cookies anymore.
  * misc: Some strings were present twice in the en-US locale. Didn't seem
    to cause any problems, but probably should be fixed.

1.2.0rc3
Mike Perry's avatar
   
Mike Perry committed
276
277
278
279
280
281
282
283
284
285
  27 Jun 2008
  * bugfix: Lots of compatibility updates with other extensions. Issues
    with SpeedDial, Google Notebook, TabMixPlus, and others have been fixed.
  * bugfix: Fix bug with first window/tab after restart being partially 
    prevented from performing network activity and/or history access.
  * bugfix: Add an additional pref for blocking Non-Tor file url network
    activity. Off by default. This should fix issues with Sage addon in
    Non-Tor mode. 
  * bugfix: Be better about saving all sorts of Firefox prefs that we touch
    so that users' Non-Tor preferences are remembered.
Mike Perry's avatar
   
Mike Perry committed
286
  * bugfix: Fix potential issues with FF3 sessionstore by updating component,
Mike Perry's avatar
   
Mike Perry committed
287
288
289
290
291
292
293
294
295
    and performing version detection.
  * bugfix: Separate toggle into a 3 stage process to eliminate potential 
    race conditions and issues with javascript and other functionality 
    not working after Tor toggle.
  * new: Added 'Test Settings' button to Proxy Preferences that uses 
    check.torproject.org to verify Tor status.
  * misc: Improve 'Restore Defaults' to reset all prefs that we touch.
  * misc: Fix logging system to be more user-legible.

Mike Perry's avatar
   
Mike Perry committed
296
297
298
299
300
301
1.2.0rc2
  08 Jun 2008
  * bugfix: MacOS: Fix broken Tor state/toggle issues when all windows are 
    closed but app stays open
  * misc: Potential performance improvements when many windows+tabs are open
  * new: Add 'locked mode' pref to allow users to disable one-click toggling
Mike Perry's avatar
   
Mike Perry committed
302
  * new: Add prefs to start Firefox with a specific Tor state.
Mike Perry's avatar
   
Mike Perry committed
303

Mike Perry's avatar
   
Mike Perry committed
304
1.2.0rc1
Mike Perry's avatar
   
Mike Perry committed
305
  01 Jun 2008
Mike Perry's avatar
   
Mike Perry committed
306
307
308
309
  * general: FF3 should now be functional, but timezone masking is not
    operational
  * bugfix: Fix Places/history component hooking in FF3
  * bugfix: Disable Places database in FF3 via browser.history_expire_days=0
Mike Perry's avatar
   
Mike Perry committed
310
    if history writes are disabled.
Mike Perry's avatar
   
Mike Perry committed
311
312
313
  * bugfix: General component hooking fixes for FF3
  * bugfix: Block favicon leaking in FF3
  * bugfix: Enable safebrowsing updates in FF3 (it's finally HMACd. Yay).
Mike Perry's avatar
   
Mike Perry committed
314
  * bugfix: Use Greg Fleischer's new useragent prefs in FF3.
Mike Perry's avatar
   
Mike Perry committed
315
316
317
318
319
320
321
322
323
324
325
  * bugfix: Properly reset cookie lifetime policy when user changes cookie
    handling options.
  * bugfix: Fix 'Restore defaults' button issues with custom proxy settings
  * bugfix: navigator.oscpu hooking was broken in 1.1.18
  * bugfix: Try to prevent alleged 0x0 windows on crash recovery
  * bugfix: Attempt to block livemarks updates during Tor. Only partial fix.
    Not possible to cancel existing Livemarks timer (one fetch will still
    happen via Tor before disable). See Firefox Bug 436250
  * misc: Set plugin.disable_full_page_plugin_for_types for all plugin
    mimetypes just in case our custom full page blocking code fails

Mike Perry's avatar
   
Mike Perry committed
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
1.1.18
  17 Apr 2008
  * bugfix: Fix Gmail exceptions involving window.navigator that made Gmail
    unusable after recent updates by Google.
  * bugfix: Fix an exception in the content policy that may have prevented
    some AJAX page elements from loading.
  * bugfix: Fix regression on cross-state favicon leak introduced in 1.1.17
  * bugfix: Fix to make clear private data work again by fixing up history
    hooking (may also help FF3 compatibility).
  * bugfix: Fix Yahoo email account creation (broken due to Date.valueOf()
    weirdness).
  * bugfix: Fix to allow plugins if the user unchecks the plugin blocking
    preference
  * bugfix: Fix bug 638: eliminate cross-state history popup on session
    restore
  * bugfix: Only resize windows on document load. Hopefully this will make
    the resizing code less annoying, and drift less.
  * bugfix: Fix Object.prototype extensions involving the Date object 
    (observed on LiveJournal)
  * bugfix: Fix javascript debugger compatibility issues involving source
    window display and other functionality.
  * misc: Prevent blocked popups from opening blank, unusable windows
  * misc: Updated firefox version to 2.0.0.14
  * new: New translations for French, Russian, Farsi, Italian, and Spanish.

1.1.17
Mike Perry's avatar
   
Mike Perry committed
352
  15 Mar 2008
Mike Perry's avatar
   
Mike Perry committed
353
354
355
356
357
358
359
360
361
362
363
364
365
  * bugfix: Improve chrome disclosure protection (patch from Greg Fleischer)
  * bugfix: Block network access from file urls to workaround Firefox 
    'Content-Disposition' file stealing attack (found/fixed by Greg)
  * bugfix: Apply Javascript hooks to javascript: urls (found by Greg)
  * bugfix: Improve Torbutton chrome concealment (found by Greg)
  * bugfix: Use 127.0.0.1 instead of localhost for IPv6 users
  * bugfix: Don't resize maximized windows
  * misc: Improve window resizing to only resize on document load,
    and to try to address drift by remembering window sizes
  * misc: Clear session history if clear history on tor toggle is set
  * new: Remove history hooks in favor of nsISHistoryListeners that
    prevent history navigation from alternate Tor states

Mike Perry's avatar
   
Mike Perry committed
366
367
368
369
370
371
372
1.1.16
  03 Mar 2008
  * bugfix: Fix yet more javascript unmasking issues found by Greg.
    Date is still unmaskable.
  * bugfix: Close tabs *before* toggling proxy settings if pref is set.
  * bugfix: Fix a couple exceptions thrown on resizing and plugin canceling

Mike Perry's avatar
   
Mike Perry committed
373
374
375
376
377
378
379
380
381
382
383
1.1.15
  26 Feb 2008
  * bugfix: Fix hook unmasking of window.screen, window.history,
    and window.navigator discovered by Greg Fleischer. window.Date 
    unmasking is still unfixed. window.history unmasking represents
    potential IP disclosure due to Firefox Bug 409737.
  * bugfix: Fix view-source extension disclosure bug found by Greg 
    Fleischer.
  * bugfix: Fix javascript and about links. Found by Greg Fleischer.
  * new: Attempt to prevent window sizes from drifting during resize.

Mike Perry's avatar
   
Mike Perry committed
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
1.1.14
  24 Feb 2008
  * bugfix: set general.useragent.locale if user wants to spoof an English
    browser. This handles navigator.locale
  * bugfix: Mask navigator.buildID. Reported by Greg Fleischer
  * Initial Firefox 3 work. Functionality still broken due to FF Bug 413682
  * bug 580: Resize preferences window to fit in 640x480 displays
  * new: Spoof window.screen to mask desktop resolution and resize the 
    browser to multiples of 50px while tor is enabled.
  * new: Block content window access to chrome urls if Tor is enabled, 
    and hide Torbutton if Tor is disabled. Thanks to Greg Fleischer for 
    reporting the chrome disclosure issues
  * new: Added option to close all opened tabs on a Tor toggle. Useful 
    for general convenience and also as a backup protection against 
    Bug 409737.
  * new: Add Tor ports to the list of banned ports for Firefox. Should
    prevent http-ping based fingerprinting attacks.
  * new: Finally add support for automatic updates.

Mike Perry's avatar
   
Mike Perry committed
403
1.1.13
Mike Perry's avatar
   
Mike Perry committed
404
  01 Feb 2008
Mike Perry's avatar
   
Mike Perry committed
405
406
407
408
409
410
411
412
413
414
415
  * bugfix: Implement workarounds to disable Javascript network access 
    for Firefox Bug 409737
  * bugfix: Improved plugin-disabling workarounds for Firefox Bug 401296 
  * misc: Set network.protocol-handler.warn-external.* to warn on external 
    app handlers during Tor usage
  * misc: Disable browser.safebrowsing.enabled during Tor usage since it
    retrieves some information in plaintext.
  * misc: Disable browser.send_pings.
  * misc: Block Javascript back/forward manipulation if Tor is enabled
  * new: Option to clear HTTP auth on Tor toggle

Mike Perry's avatar
   
Mike Perry committed
416
417
418
419
420
421
422
423
1.1.12
  26 Nov 2007
  * bugfix: bug 520: Fix some content policy/tagging issues. Not sure if this
    is the whole bug.
  * bugfix: Fix a nasty bug where torbutton mostly broke if the first Firefox
    window was closed (introduced in 1.1.11)
  * bugfix: Fix a favicon proxy-leak discussed in onionland

Mike Perry's avatar
   
Mike Perry committed
424
425
426
427
428
429
430
431
1.1.11
  16 Nov 2007
  * bugfix: Fix a scope issue with the JS hooks that caused problems with 
    some sites (gmail, others?)
  * misc: Performance enhancements for speeding up toggle
  * new: Prevent Tor cookies from being written to disk if the user wants
    them cleared.

Mike Perry's avatar
   
Mike Perry committed
432
433
434
1.1.10
  06 Nov 2007
  * bugfix: bug 522: Try harder to kill plugins before they do any network IO
Mike Perry's avatar
   
Mike Perry committed
435
    (discovered by goldy)
Mike Perry's avatar
   
Mike Perry committed
436
437
438
439
440
441
  * bugfix: bug 460: Remove hook verification. Attempt to apply hooks at every
    location event.
  * misc: New logging system
  * new: Have user choose between starting in Tor or Non-Tor after crash.
    Leaving it to Firefox is non-deterministic and should not be an option.

Mike Perry's avatar
   
Mike Perry committed
442
443
444
445
1.1.9.1
  23 Oct 2007
  * bugfix: 1.1.9 killed all plugins. Bring them back to life.

Mike Perry's avatar
   
Mike Perry committed
446
447
1.1.9
  21 Oct 2007
Mike Perry's avatar
   
Mike Perry committed
448
  * bugfix: bug 519: Fix Ubuntu Gutsy hang on startup.
Mike Perry's avatar
   
Mike Perry committed
449
450
451
452
  * bugfix: bug 521: Fix yet more false positive popups introduced in 1.1.8
  * bugfix: bug 522: Block loading of direct clicks of plugin-handled content 
    (discovered by goldy).

Mike Perry's avatar
   
Mike Perry committed
453
1.1.8
Mike Perry's avatar
   
Mike Perry committed
454
455
456
457
458
  01 Oct 2007
  * bugfix: bug 503: Prevent sessionstore from writing Tor tabs to disk
  * bugfix: bug 510: Decouple cookie clearing from Clear Private Data settings
  * bugfix: bug 474: Decouple password+form saving from history writing
  * bugfix: bug 460: Rework handling of hooking based on global events+window
Mike Perry's avatar
   
Mike Perry committed
459
    lookup
Mike Perry's avatar
   
Mike Perry committed
460
461
462
463
  * bugfix: Hooking fixes for pages with nested frames/iframes
  * bugfix: Cookies are now properly synced before storing into a jar
  * misc: Tightened up the alerts a bit more for the javascript hooking
  * misc: Changed defaults to be less intrusive to non-tor usage
Mike Perry's avatar
   
Mike Perry committed
464
  * new: Added options to start in Tor and reload cookies after browser crash 
Mike Perry's avatar
   
Mike Perry committed
465
  * new: Added ability to have both tor and non-tor cookie jars
Mike Perry's avatar
   
Mike Perry committed
466

Mike Perry's avatar
   
Mike Perry committed
467
468
1.1.7
  20 Sep 2007
Mike Perry's avatar
   
Mike Perry committed
469
  * bugfix: bug 495: couple of memory leaks found and fixed by arno
Mike Perry's avatar
   
Mike Perry committed
470
  * bugfix: bug 497: uninstall exception found and fixed by arno
Mike Perry's avatar
   
Mike Perry committed
471
472
  * bugfix: bug 460: No more alerts should happen. But does that mean its
    fixed? Outlook uncertain...
Mike Perry's avatar
   
Mike Perry committed
473
474
475
476
477
  * bugfix: bugs 461+489: verbosity+macos logging issues resolved
  * bugfix: if javascript is disabled, the hooking code no longer complains
  * misc: Update spoofed Firefox version to 2.0.0.6
  * new: "Restore Defaults" button added to the preferences window

Mike Perry's avatar
   
Mike Perry committed
478
479
480
481
482
483
484
485
1.1.6
  30 Jul 2007
  * bugfix: Fix an exception that may have messed up cookie/cache clearing
    if you allowed Tor to write history URLs (possibly kills bug #457)
  * bugfix: Use only sub-browsers for tagging. Could fix some Date hooking
    misses (possibly kills bug #460)
  * misc: Clean up annoying false positives with date hooking checks

Mike Perry's avatar
   
Mike Perry committed
486
487
488
489
490
491
1.1.5
  17 Jul 2007
  * bugfix: Reset shutdown option if user wants to manually manage cookies
  * misc: Add code to detect date hooking failures to zero in on Bug #460
  * new: Pref to disable "DOM Storage" during Tor usage

Mike Perry's avatar
   
Mike Perry committed
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
1.1.4 - Defcon CD Release
  6 Jul 2007
  * bugfix: Make plugin state tied to tab load state also
  * bugfix: Date hooking bug. getUTCYear is not defined. Must call getYear..
  * new: Add options to spoof charset and language headers
  * new: Add option to disable referer header. This can break some sites.
         Seems to break digg in particular.
  * new: Copy English strings to all language DTDs so they are at least
         functional.

1.1.3 - Black Hat CD Release
  30 Jun 2007
  * bugfix: Fully disable session store if option is set. Otherwise it 
            can save Tor tabs and cause them to be reloaded during Tor usage!
  * new: Differentiate between crucial and recommended settings in preferences

1.1.2
  22 Jun 2007
  * bugfix: Make js hooking a bit more invisible
  * bugfix: Improve navigator.* hooking for user agent spoofing
  * new: Block session saving during tor usage
  * new: Add options to clear cookies during Tor/Non-Tor shutdowns

1.1.1
  20 Jun 2007
  * bugfix: Remove Date hooks from DOM after inserted. Fixes some sites
            who expect a fixed DOM structure.
  * new: Integrated Collin Jackson's history blocking+cookie jar code, adapted
         it to handle various Tor States+read/write differentiation.
  * new: Allow users to manually manage cookies
  * new: Mark tabs as having been fetched via Tor or in the clear
  * new: Add code to only enable javascript on tabs with the same Tor load 
         state as the current
  * new: options to clear the cache, block disk cache, or block all caching
  * new: Created options tabbox
  * new: Option to block updates if Tor was enabled
  * new: Add nsIContentPolicy to block CSS popups from pages with a different
         load state than current Tor State.
  * new: Added user agent spoofing code
  * new: Support FireFox 2.0 only
  * new: Disable "safe browsing" remote lookups
  * new: block session saving


1.1.0 - Security Development begins (Alpha branch)
  31 Mar 2007
  * new: Option to disable all plugins during Tor usage
  * new: Javascript hooking to mask timezone for Date Object, attempted CSS fix
  * new: Options to clear history and cookies on Tor toggle
  * bugfix: Fix logging to use error console if logger extension not present

543
1.0.5
544
  18 Nov 2006
545
  * bugfix: fix the about box in firefox 1.0
546
547
  * bugfix: set the toolbar button to the correct state upon insertion into 
            the toolbar (ff >= 1.5 only)
548
  * bugfix: clarify the wording of the one-liner extension description
549
  * bugfix: bypassing privoxy with Firefox <= 1.0 is not recommended
550
  * bugfix: remember previous "custom" proxy settings
551
552
553
  * misc: new icons
  * misc: keyboard shortcut re-assigned to ctrl-2
  * new: previous proxy settings are restored after exiting tor mode
554
555
  * new: if the torbutton proxy settings are changed while torbutton is 
         enabled, then the active proxy settings are updated to reflect it
556
  * new: added twelve locales
557

558
559
560
561
562
563
1.0.4
  01 Jun 2006
  * bugfix: without-privoxy settings were incorrect
  * bugfix: https settings did not take effect until firefox restart
  * bugfix: let firefox generate our about box, so it will include the version

564
565
566
567
1.0.3
  31 May 2006
  * bugfix: statusbar style would reset to text after firefox restart

Scott Squires's avatar
Scott Squires committed
568
569
570
571
572
573
574
575
576
577
578
579
580
581
1.0.2
  23 May 2006
  * bugfix: fixed problem with socks_remote_dns
  * new: mozilla thunderbird support
  * new: user may customize proxy settings for nonstandard configurations
  * new: option to not use privoxy in the standard configuration
  * new: slovenian translation
  * new: french translation
  * new: keyboard shortcut (control-shift-t, changeable via keyconfig)
  * new: context menu for toolbar button and statusbar panel
  * new: attractive tor icons
  * new: about dialog
  * new: option to display statusbar as an icon instead of text

Scott Squires's avatar
Scott Squires committed
582
583
584
585
1.0.1
  16 Mar 2006
  * bugfix: toolbar button tooltips now display the correct status
  * bugfix: set socks5 proxy to tor port (9050) instead of privoxy (8118)
Scott Squires's avatar
Scott Squires committed
586
  * bugfix: allow user to change proxy exclusion list ("no proxy for")
Scott Squires's avatar
Scott Squires committed
587
588
589
590
591
592
593
594
  * new: use socks_remote_dns on firefox versions that have it
  * new: added update functionality through the extensions manager
  * new: added preference: display statusbar panel (yes/no)
  * new: added compatibility with firefox 1.0 and 0.9

1.0
  07 Mar 2006
  * initial release