New Release: Tor Browser 13.0.13

system · March 22, 2024, 5:16pm

by richard | March 22, 2024

Tor Browser 13.0.13 is now available from the Tor Browser download page and also from our distribution directory.

This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms. Android is unaffected.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 13.0.12 is:

Windows + macOS + Linux
- Updated Firefox to 115.9.1esr
- Bug tor-browser#42473: ESR 115.9.1 fixes
- Bug tor-browser#42474: Rebase stable browsers on 115.9.1

This is a companion discussion topic for the original entry at https://blog.torproject.org/new-release-tor-browser-13013

turkeybaster · March 23, 2024, 2:04am

The above link loads as a 404 error message.

thorin · March 23, 2024, 2:07am

Because it’s confidential. Dev teams needs to allow users time to update, so there is always a delay. If you want more information you can see Security Vulnerabilities fixed in Firefox 124.0.1 — Mozilla which lists the CVEs (not everything applied to ESR or all platforms)

edited: linked the wrong release

tbb2024 · March 23, 2024, 4:26pm

Hello - I’m getting bad signature on this one

gpgv: Signature made Fri 22 Mar 2024 12:57:12 PM EDT
gpgv: using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpgv: BAD signature from “Tor Browser Developers (signing key) torbrowser@torproject.org”

trinity-1686a · March 23, 2024, 4:35pm

@tbb2024 is there a line below that, probably gpg: Note: This key has expired! ?
It’s possible the copy of the gpg key you have is no longer up to date, you’ll need to update it to verify the signature.
You can do so wiith gpg --refresh-keys EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 (see Refreshing the PGP key on this page)

If it just says bad signature and nothing else, make sure you were able to download the entire file and the download didn’t fail halfway through.

code9n · March 25, 2024, 3:49pm

Hope this is an okay place to say this.

With the new 13.0.13 browser the ability to select [something to the effect of] ‘always prioritize onion sites’ has been removed from the GUI options at the top of the, Settings / Privacy and Security, page. I found that very useful.
I want to be able to set ttb so that I don’t have to go to the clear net version of every site (with a .onion counterpart) before getting the option to redirect to the onion version. I just want to go straight to the onion site. That way it must be more private, not coming out of the Tor network to reach a given site, just going straight to the onion site itself.

Can we have that option back, pls?

I tried using: about:config : privacy.prioritizeonions.showNotification but setting that to true alone does not prioritize onion sites, it just shows the notice that there is an onion site available each time and asks if I want to go to it. Which seems to be the default behavior anyway.

Is it no longer possible to prioritize onion sites? To go straight to them? If it is can someone tell me how to set that, pls?

Thanks.

ebanam · March 25, 2024, 3:52pm

@code9n, New Release: Tor Browser 13.0.12 - #2 by panino

The feature was deactivated preemptively to allow us to investigate its potential for exploits. We are conducting more research and will continue to update our recommendations as more information becomes available.

code9n · March 25, 2024, 4:19pm

Thanks.