The anonymizing Tor Browser is now in Version 10.5.5 for Windows, Linux, macOS and Android available. In addition to platform-specific bug fixes and component updates, the new version of the browser also contains some security-relevant updates.
Tor and Firefox base secured
The version of the Tor network used by the browser for anonymization has been updated to version 0.4.5.10. The update eliminates a vulnerability that would have allowed remote attackers to carry out denial-of-service attacks without prior authentication under certain conditions. Information about vulnerable and secured Tor versions is a Advisory des DFN-CERT zu CVE-2021-38385 as well as one Blog entry about the current Tor releases refer to.
The Android edition of the Tor browser is now based on a new Firefox base, namely version 91.2.0. It contains fixes for a number of security vulnerabilities, some of which pose a high risk. According to Mozillas Security Advisory zu Firefox 91 The holes could be misused for exploitable program crashes and, with some effort, for code execution.
Download and further information
The Blog entry about Tor Browser 10.5.5 together. There is also the note that the support for the Onion Services (Tor Hidden Services) v2 by the Tor Browser will “very soon” be discontinued in favor of v3. Browser users should update their bookmarks accordingly to v3 onion addresses.
Tor Browser 10.5.5 can be downloaded from the Tor project download site, from its Distribution Directory or can be downloaded via heise download.
(ovw)
