Tor Browser 8.0.9 was released on May 7, 2019 to the public. The new version addresses a major issue in Mozilla's add-on signing platform that caused verification to fail.
Tor Browser is based on Firefox ESR code, and since Firefox ESR, and any other version of Firefox, was affected by the issue, so was Tor Browser.
The Tor project informed users of the browser about the issue on its website
Tor users found the add-ons NoScript, HTTPS Everywhere, Torbutton, and TorLauncher disabled, and marked as legacy extensions. The same happened to Firefox users worldwide who all lost access to their installed extensions.
Mozilla fixed the issue in the meantime in Firefox (including Firefox ESR), and Tor Browser 8.0.9 does the same. Means, add-ons should show up as installed again after Tor Browser is updated to the new version or installed anew.
Note: The Brave browser supports Tor as well; it was not affected by the issue.
Tor users and admins can download the latest version of the web browser from the official project website. It is available for the desktop operating systems Windows, Mac OS and Linux, and the mobile operating system Android.
You may run an update check by opening Menu > Help > About Tor Browser.
Tor users who use the built-in extensions or others are encouraged to update to the new version to fix the issue. Add-ons should return to the enabled state automatically after the update.
The entire changelog:
Update Torbutton to 2.0.13
Bug 30388: Make sure the updated intermediate certificate keeps working
Backport fixes for bug 1549010 and bug 1549061 *
Bug 30388: Make sure the updated intermediate certificate keeps working *
Update NoScript to 10.6.1
Bug 29872: XSS popup with DuckDuckGo search on about:tor
Tor users who disabled add-on signing in the browser to fix the issue temporarily may want to consider enabling it again. This is done by loading about:config in the browser's address bar, searching for xpinstall.signatures.required and setting the preference to True.
True means that Firefox will verify the certificate of installed extensions and extensions that are about to be installed in the browser. Extensions without valid certificate cannot be installed or used if the setting is enabled (with some exceptions, e.g. temporary add-ons). (via Born)Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.