Jump to content

Tor Browser 8.0.9 update resolves add-on signing issue


Recommended Posts

Tor Browser 8.0.9 was released on May 7, 2019 to the public. The new version addresses a major issue in Mozilla's add-on signing platform that caused verification to fail.


Tor Browser is based on Firefox ESR code, and since Firefox ESR, and any other version of Firefox, was affected by the issue, so was Tor Browser.


The privacy-focused browser comes with several add-ons installed that improve privacy. One notable extension is NoScript as it blocks all (or most) JavaScript from execution. Scripts may serve legitimate purposes, e.g. provide functionality on websites, but they may also be used for fingerprinting, tracking, the serving of advertisement, and even malicious attacks or the distribution of malware.


The Tor project informed users of the browser about the issue on its website.


Tor users found the add-ons NoScript, HTTPS Everywhere, Torbutton, and TorLauncher disabled, and marked as legacy extensions. The same happened to Firefox users worldwide who all lost access to their installed extensions.


Mozilla fixed the issue in the meantime in Firefox (including Firefox ESR), and Tor Browser 8.0.9 does the same. Means, add-ons should show up as installed again after Tor Browser is updated to the new version or installed anew.


Note: The Brave browser supports Tor as well; it was not affected by the issue.

Tor Browser 8.0.9

tor browser 8.0.9

Tor users and admins can download the latest version of the web browser from the official project website. It is available for the desktop operating systems Windows, Mac OS and Linux, and the mobile operating system Android.


You may run an update check by opening Menu > Help > About Tor Browser.


Tor users who use the built-in extensions or others are encouraged to update to the new version to fix the issue. Add-ons should return to the enabled state automatically after the update.


The entire changelog:

Update Torbutton to 2.0.13

Bug 30388: Make sure the updated intermediate certificate keeps working

Backport fixes for bug 1549010 and bug 1549061 *

Bug 30388: Make sure the updated intermediate certificate keeps working *

Update NoScript to 10.6.1

Bug 29872: XSS popup with DuckDuckGo search on about:tor

Tor users who disabled add-on signing in the browser to fix the issue temporarily may want to consider enabling it again. This is done by loading about:config in the browser's address bar, searching for xpinstall.signatures.required and setting the preference to True.


True means that Firefox will verify the certificate of installed extensions and extensions that are about to be installed in the browser. Extensions without valid certificate cannot be installed or used if the setting is enabled (with some exceptions, e.g. temporary add-ons). (via Born)


Source: Tor Browser 8.0.9 update resolves add-on signing issue (gHacks - Martin Brinkmann)

Link to comment
Share on other sites

  • Replies 0
  • Views 346
  • Created
  • Last Reply


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...