CHANGELOG 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642
  1. 1.5.2:
  2. 22 Apr 2013
  3. * bug 8457: Allow session restore if the user allows disk actvity
  4. * bug 8301: Remove the Display Settings panel and associated locales
  5. * bug 6566: Fix "Transparent Torification" option.
  6. * bug 8642: Fix a hang on New Identity.
  7. 1.5.1:
  8. 07 Mar 2013
  9. * bug 8324: Fix Drag+Drop crash by using a new TBB drag observer
  10. * bug 6202: Fix XML/E4X errors with Cookie Protections
  11. * bug 8423: Don't clear cookies at shutdown if user wants disk history
  12. * bug 8382: Leave IndexedDB and Offline Storage disabled.
  13. * bug 8422: Clear DOM localStorage on New Identity.
  14. * bug 8335: Don't strip "third party" HTTP auth from favicons
  15. * bug 5183: Localize the "Spoof english" button strings
  16. * bug 8313: Ask user for confirmation before enabling plugins
  17. * misc: Emit private browsing session clearing event on "New Identity"
  18. 1.5.0
  19. 18 Feb 2013
  20. * bug 5279: Remove old toggle observers and related code
  21. * bug 3100: Simplify Security Preference UI and associated pref updates
  22. * bug 1305: Eliminate redundancy in our Flash/plugin disabling code
  23. * bug 3944: Leave most preferences under Tor Browser's control
  24. * bug 7974: Disable toggle-on-startup and crash detection logic
  25. * bug 5279: Disable/remove toggle-mode code and related observers
  26. * bug 6431: Add menu hint to Torbutton icon
  27. * bug 7495: Make Torbutton icon flash a warning symbol if TBB is out of date
  28. * bug 6096: Perform version check every time there's a new tab.
  29. * bug 6156: Rate limit version check queries to once every 1.5hrs max.
  30. * misc: Allow WebGL and DOM storage.
  31. * misc: Disable independent Torbutton updates
  32. * misc: Change the recommended SOCKSPort to 9150 (to match TBB)
  33. 1.4.6.3
  34. 9 Oct 2012
  35. * bug 5856: Disable JS hooks to make way for direct Firefox patch
  36. 1.4.6.2
  37. 12 Sep 2012
  38. * bug 6803: Set proxy settings earlier to fix broken homepage load on FF15
  39. * bug 6254: Support transparent Tor mode through TOR_TRANSPROXY=1 env var.
  40. 1.4.6.1
  41. 30 Aug 2012
  42. * Bug 6737: Disable window.screen hooks for FF15+ (fixes exception alert)
  43. 1.4.6
  44. 30 May 2012
  45. * Bug 5710: Prevent all sessionstore data saving in TBB
  46. * Bug 5715: Explicitly clear image cache on TBB New Identity
  47. * Bug 4660: Clear search and find boxes on TBB New Identity
  48. * Bug 5729: Make New Identity and New Window a multiple of 200x100px
  49. * Bug 4755: Spoof screen coordinates for DOM MouseEvents
  50. * Bug 4718: Make TBB version check happen on New Window+New Identity
  51. * Bug 5758: Disable WebSockets and IndexedDB for non-TBB users
  52. * Bug 5863: Remove the ability to toggle Torbutton (to prevent leaks)
  53. * Bug 3838: Inform Torbutton users about TBB
  54. * Bug 5092: Sign Torbutton Updates
  55. * Bugs 5673+5732: Change captcha redirect to startpage.com
  56. * Bug 3845: Bump Firefox user agent to 10.0-ESR
  57. 1.4.5.1
  58. 17 Dec 2011
  59. * bug 4722: Fix ability to drag tabs on Windows (due to #4517)
  60. 1.4.5
  61. 14 Dec 2011
  62. * bug 4517: Disable external drag and drop (prevents proxy bypass)
  63. * bug 4099: Disable TLS session tickets to prevent linkability
  64. * bug 4603: Lower HTTP keep-alive timeout to reduce linkability
  65. * bug 4611: Notify user if "New Identity" fails
  66. * bug 4667: Close keep-alive connections on "New Identity" (TBB only)
  67. * bug 4453: Reset SOCKS host and port only when using "recommended settings"
  68. * misc: Perform versioncheck at startup regardless of session restore status
  69. 1.4.4.1
  70. 11 Oct 2011
  71. * misc: Fix a homepage load error on Windows TBB first-run
  72. 1.4.4
  73. 9 Oct 2011
  74. * bug 4197: Allow Torbutton formfill blocking to be disabled
  75. * bug 4058: Fix yet more issues with links opening in new tabs
  76. * bug 4161: Make TBB version check work w/ SocksPort auto builds
  77. * bug 3686: Fix loading of localized homepage on Debian
  78. * bug 4016: Resize window on "New Identity"
  79. * bug 3928: Implement CookieAuthFile password reading
  80. * misc: Fix scoping issue for some stream variables
  81. 1.4.3
  82. 9 Sep 2011
  83. * bug 3933: Don't touch app.update.auto in TBB
  84. * bug 3960: Don't disable zoom.siteSpecific on TBB
  85. * bug 3928: Fix auto-scroll on twitter
  86. * bug 3649: Make permissions and disk errors human-readable
  87. 1.4.2
  88. 3 Sep 2011
  89. * bug 3879: Fix broken framed sites (yopmail, gmane, gmaps, etc)
  90. * bug 3337: Fetch check.tp.o page to check versions (TBB only)
  91. * Bug 3754: Fix SafeCache OCSP errors (fix for TBB only)
  92. 1.4.1
  93. 28 Aug 2011
  94. * bug 523: Implement New Identity (for TBB only)
  95. * bug 3580: Fix hotmail/live breakage (TBB only)
  96. * bug 3748: Disable 3rd party HTTP auth
  97. * bug 3665: Fix several corner cases SafeCache isolation
  98. * bug 3739: Fix https->http CORS failure for SafeCache
  99. * bug 3414: Isolate window.name based on referrer policy
  100. * bug 3809: Disable referer spoofing (fixes navigation issues)
  101. * bug 3819: Fix API issue with cookie protections
  102. * bug 3820: Fix warning w/ session store filter
  103. 1.4.0
  104. 30 Jun 2011
  105. * bug 3101: Disable WebGL. Too many unknowns for now.
  106. * bug 3345: Make Google Captcha redirect work again.
  107. * bug 3399: Fix a reversed exception check found by arno.
  108. * bug 3177: Update torbutton to use new TorBrowser prefs.
  109. * bug 2843: Update proxy preferences window to support env var.
  110. * bug 2338: Force toggle at startup if tor is enabled
  111. * bug 3554: Make Cookie protections obey disk settings
  112. * bug 3441: Enable cookie protection UI by default.
  113. * bug 3446: We're Firefox 5.0, we swear.
  114. * bug #3506: Remove window resize event listener.
  115. * bug #1282: Set fixed window size for each new window.
  116. * bug #3508: Apply Stanford SafeCache patch (thanks Edward, Collin et al).
  117. * bug #2361: Make about window work again on FF4+.
  118. * bug #3436: T(A)ILS was renamed to Tails.
  119. * bugfix: Fix a transparent context menu issue on Linux FF4+.
  120. * misc: Squelch exception from app launcher in error console.
  121. * misc: Make DuckDuckGo the default Google Captcha redirect destination.
  122. * misc: Make it harder to accidentally toggle torbutton.
  123. 1.3.3-alpha
  124. 01 May 2011
  125. * bug 2777: Clear OCSP cache on tor toggle
  126. * bug 2832: Update spoofed user agent to Firefox 4.0
  127. * bug 2838: Make cookie protections dialog work
  128. * bug 2819: Move JS hooks to new JS1.8.5 hooking support on FF4.
  129. * bug 3042: Fix version compatibility issue with FF4.0.1+
  130. 1.3.2-alpha
  131. 21 Mar 2011
  132. * bug 1624: Use nsIDOMCrypto::logout() instead of the SSLv2 pref hack
  133. * bug 1999: Disable tor:// urls by default
  134. * bug 1968: Reset window.name on tor toggle
  135. * bug 2148: Make refspoofing more uniform
  136. * bug 2359: Fix XHTML DTD errors on FF4
  137. * bugs 2465+2421: Fix javascript hook exceptions+issues in FF4.0
  138. * bug 2458: Opt out of Firefox addon usage pings
  139. * bug 2377: Limit the Google captcha cookies copied between google TLDs
  140. * bug 2491: Clean up checks for when to jar protected cookies
  141. * bug 1110: Add popup to ask if we should spoof English Accept: headers
  142. * misc: Remove a noisy FF2 nsICookieManager2 fallback check.
  143. 1.3.1-alpha
  144. 03 Jan 2011
  145. * bugfix: bug 1894: Amnesia is now called TAILS (patch from intrigeri)
  146. * bugfix: bug 2315: Remove reference to TorVM (patch from intrigeri)
  147. * bugfix: bug 2011: Fix preference dialog issues (patch from chrisdoble)
  148. * bugfix: Fix some incorrect log lines in RefSpoofer
  149. * new: Support Firefox 4.0 (many changes)
  150. * new: Place button in the nav-bar (FF4 killed the status-bar)
  151. * misc: No longer reimplement the session store, use new APIs instead
  152. * misc: Simplify crash detection and startup mode settings
  153. 1.3.0-alpha
  154. 30 Sep 2010
  155. * new: Support for transparent proxies in settings
  156. (patch from Jacob Appelbaum and Kory Kirk)
  157. * new: tor:// and tors:// url support to auto-toggle into tor mode
  158. (patch from Kory Kirk)
  159. * new: Cookie manager to allow individual Cookie protection
  160. (patch from Kory Kirk)
  161. * new: Add referrer spoofing based on modified same origin policy
  162. (patch from Kory Kirk)
  163. * new: Add DuckDuckGo.com as a Google captcha redirect destination
  164. (patch from aiden tighe)
  165. * bugfix: bug 1911: Fix broken useragent locale string on debian
  166. (patch from lunar)
  167. * bugfix: Fix captcha detection for encrypted.google.com
  168. 1.2.5
  169. 08 Apr 2010
  170. * bugfix: bug 1169: Fix blank popup conflict with CoolPreviews
  171. * bugfix: bug 1246: Fix IST and other HH:30 timezone issues.
  172. * bugfix: bug 1219: Fix the toggle warning loop issue on settings change.
  173. * bugfix: bug 1321: Fix a session restore bug when closing the last window
  174. * bugfix: bug 1302: Update useragent to FF3.6.3 on WinNT6.
  175. * bugfix: bug 1157: Add logic to handle torbutton crashed state conflicts
  176. * bugfix: bug 1235: Improve the 'changed-state' refresh warning message
  177. * bugfix: bug 1337: Bind alert windows to correct browser window
  178. * bugfix: bug 1055: Make the error console the default log output location
  179. * bugfix: bug 1032: Fix an exception in the localhost proxy filter
  180. * misc: Always tell a website our window size is rounded even if it's not
  181. * misc: Add some suggestions to warning about loading external content
  182. * new: Add option to always update Torbutton via Tor. On by default
  183. * new: Redirect Google queries elsewhere on captcha (default ixquick)
  184. * new: Strip identifying info off of Google searchbox queries
  185. 1.2.4
  186. 16 Dec 2009
  187. * bugfix: bug 1169: Fix blank popup conflict with Google Toolbar
  188. * bugfix: bug 1171: Properly store and set network.dns.disablePrefetch
  189. * bugfix: bug 1165: Fix an exception on toggle in FF3.6
  190. * bugfix: bug 1163: Fix history loss in FF3.6
  191. * bugfix: Fix a typo error during logging
  192. * bugfix: Properly handle session restore in FF3.6
  193. * misc: Kill a warning message about missing properties in window-mapper.js
  194. * new: Add a new pref to disable Livemark updates during Tor usage (FF3.5+)
  195. 1.2.3
  196. 02 Dec 2009
  197. * bugfix: bug 950: Preserve useragent and download settings across toggle
  198. * bugfix: bug 1014: Fix XML Parsing Error on XHTML sites in Tor mode
  199. * bugfix: bug 1041: Preserve tab history in FF3.5
  200. * bugfix: bug 1047: Fix spurious user agent change notice
  201. * bugfix: bug 1053: Partial fix for 'TypeError: browser is undefined' error
  202. * bugfix: bug 1084: Preserve HTTP accept language for Non-Tor usage
  203. * bugfix: bug 1085: Fix test settings issues with dead privoxy
  204. * bugfix: bug 1088: Clean up some namespace issues in the main chrome window
  205. * bugfix: bug 1091: Fix a lockup when 'Ask Every Time' cookie pref is set
  206. * bugfix: bug 1093: Fix cert acceptance dialogs in Firefox 3.5
  207. * bugfix: bug 1146: Fixes for properly handling tab restore in FF3.5
  208. * bugfix: bug 1152: Close tabs on toggle prevents toggling in FF3.5"
  209. * bugfix: bug 1154: Clarify "Last Tor test failed" message
  210. * misc: Disable geolocation in FF3.5 during Tor mode
  211. * misc: Disable DNS prefetch in FF3.5 in Tor mode and for Tor-loaded tabs
  212. * misc: Disable offline app cache during Tor mode
  213. * misc: Disable specific site zoom settings during Tor mode
  214. * new: Transfer Google cookies between country-code domains. This should
  215. make it such that captchas only need to be solved once per Tor session,
  216. as opposed to for each country.
  217. 1.2.2
  218. 09 Aug 2009
  219. * bugfix: Workaround Firefox Bug 440892 to prevent external apps from
  220. being launched (and thus bypassing proxy settings) without user
  221. confirmation. Independently reported by Greg Fleischer and optimist.
  222. * bugfix: Create a separate "No Proxy For" option and remove the
  223. string "localhost" from proxy exemptions. Prevents a theoretical
  224. proxy bypass condition discovered by optimist. Fix based on patch from
  225. optimist.
  226. * bugfix: bug 970: Purge undo tab list on Tor toggle.
  227. * bugfix: bug 1040: Scrub URLs from log level 4 and higher log messages.
  228. Mac OS writes Firefox console messages to disk by default.
  229. * bugfix: bug 1033: Fix FoxyProxy conflict that caused some FoxyProxy
  230. strings to fail to display.
  231. * misc: bug 1006: Pop up a more specific failure message for pref
  232. changing errors during Tor toggle.
  233. * misc: Fix a couple of strict javascript warns on FF3.5
  234. * misc: Add chrome url protection call to conceal other addons during
  235. non-Tor usage. Patch by Sebastian Lisken.
  236. * misc: Remove torbutton log system init message that may have scared some
  237. paranoids.
  238. 1.2.1
  239. 21 Mar 2009
  240. * bugfix: bug 773: Fixed Noscript conflict issue.
  241. * bugfix: bug 866: Fixed conflict with ZoTero
  242. * bugfix: bug 908: Make UserAgentSwitcher's 'default' button restore
  243. Torbutton's spoofed user agent if Tor is enabled.
  244. * bugfix: bug 909: Get Torbutton to "properly" react to users changing
  245. their Firefox cookie lifetime settings as opposed to using the Torbutton
  246. interface.
  247. * bugfix: bug 834: Fix session saving and startup issues
  248. * bugfix: bug 875: Removed docShell == null popup during toggle for
  249. some users
  250. * bugfix: bug 910: fixed a locale spoofing issue in navigator.appVersion
  251. * bugfix: bug 747: Attempt to fix 'fullscreen' resizing issues.
  252. * bugfix: Stop-gap timezone spoofing fix for Linux and Mac
  253. for FF3. Requires a one-line patch to Firefox for Windows to work.
  254. * bugfix: Clear SSL Session IDs on toggle. (See FF Bug 448747)
  255. * misc: bug 931: Added a socks v4 vs v5 version choice to custom prefs.
  256. * misc: bug 836: redesign startup preference window to make it more
  257. understandable
  258. * misc: Torbutton now presents itself as Windows FF3.0.7.
  259. * misc: Change RDF to allow Torbutton to run on FF3.1 betas.
  260. 1.2.0
  261. 30 Jul 2008
  262. * bugfix: bug 777: Fix issue with locale spoofing breaking translations.
  263. * bugfix: bug 778: Preserve locale in spoofed version if user does not want
  264. locale spoofing.
  265. * bugfix: bug 780: Keep session cookies during Tor toggle.
  266. * bugfix: Potential fix for some PKCS#12 issues.
  267. * bugfix: Fix crash recovery and uninstall/upgrade to avoid cookie loss.
  268. * misc: Translation updates.
  269. 1.2.0rc6:
  270. 12 Jul 2008
  271. * bugfix: Fix bug causing Firefox history to get cleared in some situations
  272. * bugfix: bug 753: Fix exception thrown during Tor toggle in some instances
  273. * bugfix: bug 758: Fix resize issue where 0x0 windows could be created
  274. * bugfix: Fix some potential permission denied issues with cookie jars
  275. * bugfix: bug 520: Fix issue where Javascript stayed disabled in some tabs
  276. * bugfix: Apply cookie lifetime settings to Tor settings on first install.
  277. * bugfix: Don't disable Firefox preferences when Torbutton is uninstalled
  278. * misc: Allow automatic updates in FF3 by default. They are secure now.
  279. * misc: Translation updates
  280. 1.2.0rc5
  281. 06 Jul 2008
  282. * bugfix: bug 734: Fix exception with clearing history on toggle
  283. * bugfix: bug 735: Fix exception with blocking Non-Tor history writes
  284. * bugfix: bug 720: FF3 cookie jar fix submitted by arno
  285. * misc: translation updates for French, Farsi, and others
  286. * misc: demote "mapper check" log message to info
  287. * new: Option to not write cookie jars to disk submitted by arno
  288. 1.2.0rc4
  289. 27 Jun 2008
  290. * misc: Refuse to jar cookies under Firefox 3. Lame workaround for Firefox
  291. Bug 439384, but it's the best we can do. At least we won't destroy
  292. cookies anymore.
  293. * misc: Some strings were present twice in the en-US locale. Didn't seem
  294. to cause any problems, but probably should be fixed.
  295. 1.2.0rc3
  296. 27 Jun 2008
  297. * bugfix: Lots of compatibility updates with other extensions. Issues
  298. with SpeedDial, Google Notebook, TabMixPlus, and others have been fixed.
  299. * bugfix: Fix bug with first window/tab after restart being partially
  300. prevented from performing network activity and/or history access.
  301. * bugfix: Add an additional pref for blocking Non-Tor file url network
  302. activity. Off by default. This should fix issues with Sage addon in
  303. Non-Tor mode.
  304. * bugfix: Be better about saving all sorts of Firefox prefs that we touch
  305. so that users' Non-Tor preferences are remembered.
  306. * bugfix: Fix potential issues with FF3 sessionstore by updating component,
  307. and performing version detection.
  308. * bugfix: Separate toggle into a 3 stage process to eliminate potential
  309. race conditions and issues with javascript and other functionality
  310. not working after Tor toggle.
  311. * new: Added 'Test Settings' button to Proxy Preferences that uses
  312. check.torproject.org to verify Tor status.
  313. * misc: Improve 'Restore Defaults' to reset all prefs that we touch.
  314. * misc: Fix logging system to be more user-legible.
  315. 1.2.0rc2
  316. 08 Jun 2008
  317. * bugfix: MacOS: Fix broken Tor state/toggle issues when all windows are
  318. closed but app stays open
  319. * misc: Potential performance improvements when many windows+tabs are open
  320. * new: Add 'locked mode' pref to allow users to disable one-click toggling
  321. * new: Add prefs to start Firefox with a specific Tor state.
  322. 1.2.0rc1
  323. 01 Jun 2008
  324. * general: FF3 should now be functional, but timezone masking is not
  325. operational
  326. * bugfix: Fix Places/history component hooking in FF3
  327. * bugfix: Disable Places database in FF3 via browser.history_expire_days=0
  328. if history writes are disabled.
  329. * bugfix: General component hooking fixes for FF3
  330. * bugfix: Block favicon leaking in FF3
  331. * bugfix: Enable safebrowsing updates in FF3 (it's finally HMACd. Yay).
  332. * bugfix: Use Greg Fleischer's new useragent prefs in FF3.
  333. * bugfix: Properly reset cookie lifetime policy when user changes cookie
  334. handling options.
  335. * bugfix: Fix 'Restore defaults' button issues with custom proxy settings
  336. * bugfix: navigator.oscpu hooking was broken in 1.1.18
  337. * bugfix: Try to prevent alleged 0x0 windows on crash recovery
  338. * bugfix: Attempt to block livemarks updates during Tor. Only partial fix.
  339. Not possible to cancel existing Livemarks timer (one fetch will still
  340. happen via Tor before disable). See Firefox Bug 436250
  341. * misc: Set plugin.disable_full_page_plugin_for_types for all plugin
  342. mimetypes just in case our custom full page blocking code fails
  343. 1.1.18
  344. 17 Apr 2008
  345. * bugfix: Fix Gmail exceptions involving window.navigator that made Gmail
  346. unusable after recent updates by Google.
  347. * bugfix: Fix an exception in the content policy that may have prevented
  348. some AJAX page elements from loading.
  349. * bugfix: Fix regression on cross-state favicon leak introduced in 1.1.17
  350. * bugfix: Fix to make clear private data work again by fixing up history
  351. hooking (may also help FF3 compatibility).
  352. * bugfix: Fix Yahoo email account creation (broken due to Date.valueOf()
  353. weirdness).
  354. * bugfix: Fix to allow plugins if the user unchecks the plugin blocking
  355. preference
  356. * bugfix: Fix bug 638: eliminate cross-state history popup on session
  357. restore
  358. * bugfix: Only resize windows on document load. Hopefully this will make
  359. the resizing code less annoying, and drift less.
  360. * bugfix: Fix Object.prototype extensions involving the Date object
  361. (observed on LiveJournal)
  362. * bugfix: Fix javascript debugger compatibility issues involving source
  363. window display and other functionality.
  364. * misc: Prevent blocked popups from opening blank, unusable windows
  365. * misc: Updated firefox version to 2.0.0.14
  366. * new: New translations for French, Russian, Farsi, Italian, and Spanish.
  367. 1.1.17
  368. 15 Mar 2008
  369. * bugfix: Improve chrome disclosure protection (patch from Greg Fleischer)
  370. * bugfix: Block network access from file urls to workaround Firefox
  371. 'Content-Disposition' file stealing attack (found/fixed by Greg)
  372. * bugfix: Apply Javascript hooks to javascript: urls (found by Greg)
  373. * bugfix: Improve Torbutton chrome concealment (found by Greg)
  374. * bugfix: Use 127.0.0.1 instead of localhost for IPv6 users
  375. * bugfix: Don't resize maximized windows
  376. * misc: Improve window resizing to only resize on document load,
  377. and to try to address drift by remembering window sizes
  378. * misc: Clear session history if clear history on tor toggle is set
  379. * new: Remove history hooks in favor of nsISHistoryListeners that
  380. prevent history navigation from alternate Tor states
  381. 1.1.16
  382. 03 Mar 2008
  383. * bugfix: Fix yet more javascript unmasking issues found by Greg.
  384. Date is still unmaskable.
  385. * bugfix: Close tabs *before* toggling proxy settings if pref is set.
  386. * bugfix: Fix a couple exceptions thrown on resizing and plugin canceling
  387. 1.1.15
  388. 26 Feb 2008
  389. * bugfix: Fix hook unmasking of window.screen, window.history,
  390. and window.navigator discovered by Greg Fleischer. window.Date
  391. unmasking is still unfixed. window.history unmasking represents
  392. potential IP disclosure due to Firefox Bug 409737.
  393. * bugfix: Fix view-source extension disclosure bug found by Greg
  394. Fleischer.
  395. * bugfix: Fix javascript and about links. Found by Greg Fleischer.
  396. * new: Attempt to prevent window sizes from drifting during resize.
  397. 1.1.14
  398. 24 Feb 2008
  399. * bugfix: set general.useragent.locale if user wants to spoof an English
  400. browser. This handles navigator.locale
  401. * bugfix: Mask navigator.buildID. Reported by Greg Fleischer
  402. * Initial Firefox 3 work. Functionality still broken due to FF Bug 413682
  403. * bug 580: Resize preferences window to fit in 640x480 displays
  404. * new: Spoof window.screen to mask desktop resolution and resize the
  405. browser to multiples of 50px while tor is enabled.
  406. * new: Block content window access to chrome urls if Tor is enabled,
  407. and hide Torbutton if Tor is disabled. Thanks to Greg Fleischer for
  408. reporting the chrome disclosure issues
  409. * new: Added option to close all opened tabs on a Tor toggle. Useful
  410. for general convenience and also as a backup protection against
  411. Bug 409737.
  412. * new: Add Tor ports to the list of banned ports for Firefox. Should
  413. prevent http-ping based fingerprinting attacks.
  414. * new: Finally add support for automatic updates.
  415. 1.1.13
  416. 01 Feb 2008
  417. * bugfix: Implement workarounds to disable Javascript network access
  418. for Firefox Bug 409737
  419. * bugfix: Improved plugin-disabling workarounds for Firefox Bug 401296
  420. * misc: Set network.protocol-handler.warn-external.* to warn on external
  421. app handlers during Tor usage
  422. * misc: Disable browser.safebrowsing.enabled during Tor usage since it
  423. retrieves some information in plaintext.
  424. * misc: Disable browser.send_pings.
  425. * misc: Block Javascript back/forward manipulation if Tor is enabled
  426. * new: Option to clear HTTP auth on Tor toggle
  427. 1.1.12
  428. 26 Nov 2007
  429. * bugfix: bug 520: Fix some content policy/tagging issues. Not sure if this
  430. is the whole bug.
  431. * bugfix: Fix a nasty bug where torbutton mostly broke if the first Firefox
  432. window was closed (introduced in 1.1.11)
  433. * bugfix: Fix a favicon proxy-leak discussed in onionland
  434. 1.1.11
  435. 16 Nov 2007
  436. * bugfix: Fix a scope issue with the JS hooks that caused problems with
  437. some sites (gmail, others?)
  438. * misc: Performance enhancements for speeding up toggle
  439. * new: Prevent Tor cookies from being written to disk if the user wants
  440. them cleared.
  441. 1.1.10
  442. 06 Nov 2007
  443. * bugfix: bug 522: Try harder to kill plugins before they do any network IO
  444. (discovered by goldy)
  445. * bugfix: bug 460: Remove hook verification. Attempt to apply hooks at every
  446. location event.
  447. * misc: New logging system
  448. * new: Have user choose between starting in Tor or Non-Tor after crash.
  449. Leaving it to Firefox is non-deterministic and should not be an option.
  450. 1.1.9.1
  451. 23 Oct 2007
  452. * bugfix: 1.1.9 killed all plugins. Bring them back to life.
  453. 1.1.9
  454. 21 Oct 2007
  455. * bugfix: bug 519: Fix Ubuntu Gutsy hang on startup.
  456. * bugfix: bug 521: Fix yet more false positive popups introduced in 1.1.8
  457. * bugfix: bug 522: Block loading of direct clicks of plugin-handled content
  458. (discovered by goldy).
  459. 1.1.8
  460. 01 Oct 2007
  461. * bugfix: bug 503: Prevent sessionstore from writing Tor tabs to disk
  462. * bugfix: bug 510: Decouple cookie clearing from Clear Private Data settings
  463. * bugfix: bug 474: Decouple password+form saving from history writing
  464. * bugfix: bug 460: Rework handling of hooking based on global events+window
  465. lookup
  466. * bugfix: Hooking fixes for pages with nested frames/iframes
  467. * bugfix: Cookies are now properly synced before storing into a jar
  468. * misc: Tightened up the alerts a bit more for the javascript hooking
  469. * misc: Changed defaults to be less intrusive to non-tor usage
  470. * new: Added options to start in Tor and reload cookies after browser crash
  471. * new: Added ability to have both tor and non-tor cookie jars
  472. 1.1.7
  473. 20 Sep 2007
  474. * bugfix: bug 495: couple of memory leaks found and fixed by arno
  475. * bugfix: bug 497: uninstall exception found and fixed by arno
  476. * bugfix: bug 460: No more alerts should happen. But does that mean its
  477. fixed? Outlook uncertain...
  478. * bugfix: bugs 461+489: verbosity+macos logging issues resolved
  479. * bugfix: if javascript is disabled, the hooking code no longer complains
  480. * misc: Update spoofed Firefox version to 2.0.0.6
  481. * new: "Restore Defaults" button added to the preferences window
  482. 1.1.6
  483. 30 Jul 2007
  484. * bugfix: Fix an exception that may have messed up cookie/cache clearing
  485. if you allowed Tor to write history URLs (possibly kills bug #457)
  486. * bugfix: Use only sub-browsers for tagging. Could fix some Date hooking
  487. misses (possibly kills bug #460)
  488. * misc: Clean up annoying false positives with date hooking checks
  489. 1.1.5
  490. 17 Jul 2007
  491. * bugfix: Reset shutdown option if user wants to manually manage cookies
  492. * misc: Add code to detect date hooking failures to zero in on Bug #460
  493. * new: Pref to disable "DOM Storage" during Tor usage
  494. 1.1.4 - Defcon CD Release
  495. 6 Jul 2007
  496. * bugfix: Make plugin state tied to tab load state also
  497. * bugfix: Date hooking bug. getUTCYear is not defined. Must call getYear..
  498. * new: Add options to spoof charset and language headers
  499. * new: Add option to disable referer header. This can break some sites.
  500. Seems to break digg in particular.
  501. * new: Copy English strings to all language DTDs so they are at least
  502. functional.
  503. 1.1.3 - Black Hat CD Release
  504. 30 Jun 2007
  505. * bugfix: Fully disable session store if option is set. Otherwise it
  506. can save Tor tabs and cause them to be reloaded during Tor usage!
  507. * new: Differentiate between crucial and recommended settings in preferences
  508. 1.1.2
  509. 22 Jun 2007
  510. * bugfix: Make js hooking a bit more invisible
  511. * bugfix: Improve navigator.* hooking for user agent spoofing
  512. * new: Block session saving during tor usage
  513. * new: Add options to clear cookies during Tor/Non-Tor shutdowns
  514. 1.1.1
  515. 20 Jun 2007
  516. * bugfix: Remove Date hooks from DOM after inserted. Fixes some sites
  517. who expect a fixed DOM structure.
  518. * new: Integrated Collin Jackson's history blocking+cookie jar code, adapted
  519. it to handle various Tor States+read/write differentiation.
  520. * new: Allow users to manually manage cookies
  521. * new: Mark tabs as having been fetched via Tor or in the clear
  522. * new: Add code to only enable javascript on tabs with the same Tor load
  523. state as the current
  524. * new: options to clear the cache, block disk cache, or block all caching
  525. * new: Created options tabbox
  526. * new: Option to block updates if Tor was enabled
  527. * new: Add nsIContentPolicy to block CSS popups from pages with a different
  528. load state than current Tor State.
  529. * new: Added user agent spoofing code
  530. * new: Support FireFox 2.0 only
  531. * new: Disable "safe browsing" remote lookups
  532. * new: block session saving
  533. 1.1.0 - Security Development begins (Alpha branch)
  534. 31 Mar 2007
  535. * new: Option to disable all plugins during Tor usage
  536. * new: Javascript hooking to mask timezone for Date Object, attempted CSS fix
  537. * new: Options to clear history and cookies on Tor toggle
  538. * bugfix: Fix logging to use error console if logger extension not present
  539. 1.0.5
  540. 18 Nov 2006
  541. * bugfix: fix the about box in firefox 1.0
  542. * bugfix: set the toolbar button to the correct state upon insertion into
  543. the toolbar (ff >= 1.5 only)
  544. * bugfix: clarify the wording of the one-liner extension description
  545. * bugfix: bypassing privoxy with Firefox <= 1.0 is not recommended
  546. * bugfix: remember previous "custom" proxy settings
  547. * misc: new icons
  548. * misc: keyboard shortcut re-assigned to ctrl-2
  549. * new: previous proxy settings are restored after exiting tor mode
  550. * new: if the torbutton proxy settings are changed while torbutton is
  551. enabled, then the active proxy settings are updated to reflect it
  552. * new: added twelve locales
  553. 1.0.4
  554. 01 Jun 2006
  555. * bugfix: without-privoxy settings were incorrect
  556. * bugfix: https settings did not take effect until firefox restart
  557. * bugfix: let firefox generate our about box, so it will include the version
  558. 1.0.3
  559. 31 May 2006
  560. * bugfix: statusbar style would reset to text after firefox restart
  561. 1.0.2
  562. 23 May 2006
  563. * bugfix: fixed problem with socks_remote_dns
  564. * new: mozilla thunderbird support
  565. * new: user may customize proxy settings for nonstandard configurations
  566. * new: option to not use privoxy in the standard configuration
  567. * new: slovenian translation
  568. * new: french translation
  569. * new: keyboard shortcut (control-shift-t, changeable via keyconfig)
  570. * new: context menu for toolbar button and statusbar panel
  571. * new: attractive tor icons
  572. * new: about dialog
  573. * new: option to display statusbar as an icon instead of text
  574. 1.0.1
  575. 16 Mar 2006
  576. * bugfix: toolbar button tooltips now display the correct status
  577. * bugfix: set socks5 proxy to tor port (9050) instead of privoxy (8118)
  578. * bugfix: allow user to change proxy exclusion list ("no proxy for")
  579. * new: use socks_remote_dns on firefox versions that have it
  580. * new: added update functionality through the extensions manager
  581. * new: added preference: display statusbar panel (yes/no)
  582. * new: added compatibility with firefox 1.0 and 0.9
  583. 1.0
  584. 07 Mar 2006
  585. * initial release