New Release: Tor Browser 12.5.6

How come there is another update so soon after 12.5.5?

How come there is another update so soon after 12.5.5

security updates: Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, Firefox Focus for Android 118.1.0, and Thunderbird 115.3.1. — Mozilla

Ah that makes sense, I tried clicking the link in the original post (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42135) but it gave 404. Many thanks

worksforme: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42135 - issue is not confidential

After new update, antivirus see: Trojan:Win32/Malgent!MTB
When its delete Tor not working

Yes, I’ve got that problem too.
Windows defender treats new version of tor.exe as troyan and deletes it.
Here is a screenshot:

image1669×907 35.9 KB

@Dev guys, could you please look at that?

Yes, there is a problem with tor.exe (0.4.7.15) - Microsoft has flagged this as a Trojan (Win32/Malgent!MTB) and is mercilessly removing tor from both the service and the browser on their windows systems

The incident happened today

Results: VirusTotal

You’ve got a platform antivirus program removing a needed part to run Tor. I think it is in the project’s interest to get Microsoft to fix this if this truly isn’t a trojan. Otherwise, most Windows users wouldn’t want to (or even can’t) be running this version. The things that people do to get Tor to run now is to 1) reinstall the previous version and pause on update (maybe a dangerous activity for most people in itself) and 2) use Tor.exe from the previous release.

This could be a false positive, but it does effect most Windows users. OTH, if this is a true positive, nobody can evaluate it better than the project and Microsoft. 3CX supply-chain attack started off this way too.

Im receiving the same results as well! Even not connecting to tor is a problem.

Same problem as above, after upgrading to 12.5.6, Windows 10 Defender reported a “Trojan:Win32/Malgent!MTB” on “…Tor Browser\Browser\TorBrowser\Tor\tor.exe”.

For now, I replaced the tor.exe with on older version of the exe file but the Tor Project should avoid such problem because novice user will likely panic because of such message (namely a Virus threat, especially when it is a false positive) which cannot be fixed by “normal” means.

I’m not sure what heuristics Windows Defender uses to determine a “Trojan:Win32/Malgent!MTB” but running an upgrade and being greeted with such threat message isn’t helpful for either the project nor the user.

I’m assuming that the 12.5.6 release doesn’t contain a Trojan:Win32/Malgent!MTB but an official verification about the non-existence would be much appreciated.

Is there any update regarding the Trojan issue? I would really like to get back to using the TOR Browser soon…waiting for a proper update.

Also, somehow the Mullvad Browser did not have a corresponding update and is still on 12.5.5. Seemed a bit out of place to me.

image871×230 11.9 KB

Looks like there will be Tor Browser 12.5.7 soon enough because they have discovered yet another vulnerability in libvpx (CVE-2023-44488). Looking at the commit log for libvpx, it’s an absolute mine field. I wonder if TB should just set “media.mediasource.vp9.enabled” to false for the time being.

Here is what I learnt when I had this type of problem with Norton.

This is for Windows and assumes a typical standard install onto the desktop.

First the whole Tor browser is just a drop-in folder onto the desktop.

Set the option to NOT auto-update but only give a notice.

When a notice comes in, copy the whole folder to somewhere else like a USB stick.

Do the update.

If your AV thinks it is a malware just delete the whole folder from the desktop then drop the backup folder back on to the desktop.

Problem solved.

The most effective thing is: send the binary to the manufacturer of the antivirus software and write that it is recognized incorrectly.
This is how I do it with preinstalled Avast shit on my Android phone.

Yes that is the ultimate solution unless the AV vendor deletes it. (Norton put it in a “quarantine” box.)

But in the meantime you are without Tor. My “trick” is an immediate solution while you wait for the green light from the AV.

Off topic: If Avast is such a shit why not replace it?

Easy fix:

Tor Browser 12.5.6 under Windows triggers firewall block

The solution is to go into Windows Firewall and disable the rule that blocks outbound Firefox connections.

Its certainly looking that way seeing as it has a severity score of 7.5/10 from the first analysis and its been modified again since then.
https://nvd.nist.gov/vuln/detail/CVE-2023-44488

As far as I understand Tor Browser 13.0 is scheduled to be released today, but there has not been a Firefox release with the fix for CVE-2023-44488 yet. In fact, it hasn’t been cherry picked to their repository either (they don’t seem to use the stock libvpx version). I’m kind of confused here, Firefox devs are usually very fast at fixing things. Maybe Firefox is not affected due to its specific usage of libvpx? Who knows, all of the bug reports are private/restricted.

We had some last minute fixes for which we decided to push the 13.0 release of a few days.
We want to publish before Firefox 115.4.0 for sure.

We haven’t heard of scheduled releases from Mozilla, yet. So, 12.5.7 is not scheduled on our side either.
From what I know, earlier fixes weren’t used against Firefox, but only against “other products” (from what Mozilla’s advisories say).