内建翻墙功能的匿名网络浏览器 Tor Browser 6.5.1 发布 修复Chrome URI泄露

2017/03/08
Tor Browser 是个内建「翻墙」功能的网络浏览器,藉由「洋葱路由, The Onion Router (Tor)」匿名浏览技术,将上网时所传递的讯息层层加密保护,让使用者在浏览网站时不被监控或侧录,也无法查处原本的 IP 地址或追踪真实的使用者身份。

Tor Browser 是个相对安全一些但速度没法太快的匿名上网服务,没法拿来下载 BT 或其他 P2P,用来看高画质的在线影片也会吃力些,但相对于其他类似服务来说就是安全许多。

Tor Browser 的本体是个修改、强化过的 Mozilla Firefox 浏览器,除了整合了 Tor 相关功能之外,还默认启用了 HTTPS Everywhere 与 NoScript 等扩充套件,藉由停用 JavaScript, Flash, Silverlight, Java… 与某些特殊的句柄来避免某些设计绕过 Tor 而取得你的真实 IP 与相关信息,并以强制 HTTPS 加密联机的方式大幅提升上网时的安全性。

Tor Browser 浏览器把 Tor 服务与操作简单化,只要会上网的人就能轻松享受 Tor 的翻墙与匿名保护…等好处。如果你常常需要突破防火墙来浏览被禁止的网站,或不想在某些情况下被监控或记录,可以直接下载 Tor Browser 浏览器来用。

Tor Browser 6.5.1 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
This is the first minor release in the 6.5 series and it mainly contains updates to several of our Tor Browser components: Firefox got updated to 45.8.0esr, Tor to 0.2.9.10, OpenSSL to 1.0.1k, and HTTPS-Everywhere to 5.2.11.
Additionally, we updated the bridges we ship with Tor Browser and fixed some regressions that came with our last release.
In Tor Browser 6.5 we introduced filtering of content requests to resource:// and chrome:// URIs in order to neuter a fingerprinting vector. This change however breaks the Session Manager addon. Users who think having extensions like that one working is much more important than avoiding the possible information leakage associated with that can now toggle the 'extensions.torbutton.resource_and_chrome_uri_fingerprinting' preference, setting it to 'true' to disable our defense against this type of fingerprinting.
An other regression introduced in Tor Browser 6.5 is the resizing of the window. We are currently working on a fix for this issue.
Here is the full changelog since 6.5:
  • All Platforms
    • Update Firefox to 45.8.0esr
    • Tor to 0.2.9.10
    • OpenSSL to 1.0.2k
    • Update Torbutton to 1.9.6.14
      • Bug 21396: Allow leaking of resource/chrome URIs (off by default)
      • Bug 21574: Add link for zh manual and create manual links dynamically
      • Bug 21330: Non-usable scrollbar appears in tor browser security settings
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.11
    • Bug 21514: Restore W^X JIT implementation removed from ESR45
    • Bug 21536: Remove scramblesuit bridge
    • Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge
  • Linux
    • Bug 21326: Update the "Using a system-installed Tor" section in start script

Related Posts