by richard | September 24, 2023
Tor Browser 13.0a5 is now available from the Tor Browser download page and also from our distribution directory.
This release updates Firefox to 115.3.0esr, including bug fixes, stability improvements and important security updates. Android-specific security updates from Firefox 118 are not yet available, but will be part of the next alpha release scheduled for next week.
Major Changes
This is our fifth alpha release in the 13.0 series which represents a transition from Firefox 102-esr to Firefox 115-esr. This builds on a year's worth of upstream Firefox changes, so alpha-testers should expect to run into issues. If you find any issues, please report them on our gitlab or on the Tor Project forum.
We are in the middle of our annual esr transition audit, where we review Mozilla's year's worth of work with an eye for privacy and security issues that would negatively affect Tor Browser users. This will be completed before we transition the 13.0 alpha series to stable. At-risk users should remain on the 102-esr based 12.5 stable series which will continue to receive security updates until 13.0 alpha is promoted to stable.
Build Output Naming Updates
As a reminder from the 13.0a3 release post, we have made the naming scheme for all of our build outputs mutually consistent. If you are a downstream packager or in some other way download Tor Browser artifacts in scripts or automation, you will have a bit more work to do beyond bumping the version number once the 13.0 alpha stabilizes. All of our current build outputs can be found in the distribution directory
Known Issues
All Platforms
The Snowflake pluggable-transport is no longer working for some users due to cdn.sstatic.net resolving to a Cloudflare IP rather than a Fastly one. As a result, the domain fronting functionality required by the Snowflake pluggable-transport no longer works and users will not be able to use it to connect to tor on versions of Tor Browser older than 13.0a5.
For now, this can be worked around by using custom Snowflake bridge lines with an updated fronting domain. Directions on how to do this can be found on this post on the tor forum:
This issue is being tracked here and is fixed in 13.0a5 and will also be fixed in the next stable release. Users who rely on Snowflake for Tor connectivity will not be able to bootstrap and update their Tor Browser instance without the aforementioned manual workaround.
Desktop
The automatic censorship circumvention system is also currently failing due to the same domain-fronting issue affecting snowflake. As a workaround, users can set the extensions.torlauncher.bridgedb_front preference to foursquare.com in Tor Browser's about:config page.
This issue is being tracked here and will be fixed in the next stable and alpha releases.
Full changelog
The full changelog since Tor Browser 13.0a4 is:
This is a companion discussion topic for the original entry at https://blog.torproject.org/new-alpha-release-tor-browser-130a5