The sixth pointfix release of the Tor Browser 3.6 series is available from the Tor Browser Project page and also from our distribution directory: https://www.torproject.org/download/download-easy.html https://www.torproject.org/dist/torbrowser/3.6.6/
This release features important security updates to Firefox: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
Here is the complete changelog for 3.6.6: All Platforms Update Tor to tor-0.2.4.24 Update Firefox to 24.8.1esr Update NoScript to 2.6.8.42 Update HTTPS Everywhere to 4.0.1 Bug 12998: Prevent intermediate certs from being written to disk Update Torbutton to 1.6.12.3 Bug 13091: Use "Tor Browser" everywhere Bug 10804: Workaround fix for some cases of startup hang Linux Bug 9150: Make RPATH unavailable on Tor binary.
-----------------------------------------------------------------------
Tor 0.2.4.24 fixes a bug that affects consistency and speed when connecting to hidden services, and it updates the location of one of the directory authorities.
Changes in version 0.2.4.24 - 2014-09-22 o Major bugfixes: - Clients now send the correct address for their chosen rendezvous point when trying to access a hidden service. They used to send the wrong address, which would still work some of the time because they also sent the identity digest of the rendezvous point, and if the hidden service happened to try connecting to the rendezvous point from a relay that already had a connection open to it, the relay would reuse that connection. Now connections to hidden services should be more robust and faster. Also, this bug meant that clients were leaking to the hidden service whether they were on a little-endian (common) or big-endian (rare) system, which for some users might have reduced their anonymity. Fixes bug 13151; bugfix on 0.2.1.5-alpha.
o Directory authority changes: - Change IP address for gabelmoo (v3 directory authority).
o Minor features (geoip): - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2 Country database.