Tor has released Tor Browser 8.0.9, which fixes the expired intermedia signing certificate that was causing the NoScript and HTTPS-Everywhere addons to be disabled.
Last Friday, Firefox users found that their addons were suddenly disabled because Mozilla forgot to renew an expired certificate used to sign their addons. As addons need to be signed by a valid signature before they can be used in Firefox, the addons were disabled.
As Tor is based on Firefox, its NoScript, HTTP-Everywhere, and other addons signed by Mozilla were disabled as well. This caused greater risk for tracking or privacy risks to increase due to the lack of NoScript.
On Sunday, Mozilla released Firefox 66.0.4 that fixed the expired code signing certificate, which allowed Tor to compile a new version of the browser with this fix installed as well.
It is strongly suggested that all Tor users download and install Tor Browser 8.0.9 through the automatic update feature or via the site.
It should be noted, that in order to increase the compile speed, Tor did not increment the internal Firefox browser version and it will still display as 60.6.1esr.
When the addons were disabled, Tor recommended users temporarily disable the about:config setting xpinstall.signatures.required in order to disable signature requirements and get NoScript working again.
Tor further warns that if you had disabled the xpinstall.signatures.required that you enable it again for greater security.
The full changelog for Tor Browser 8.0.9 can be found below:
- Update Torbutton to 2.0.13
- Bug 30388: Make sure the updated intermediate certificate keeps working
- Backport fixes for bug 1549010 and bug 1549061
- Bug 30388: Make sure the updated intermediate certificate keeps working
- Update NoScript to 10.6.1
- Bug 29872: XSS popup with DuckDuckGo search on about:tor
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now