This version includes important security updates to Firefox.
Thanks to WhyNotHugo for fixing the "Contributing" link in our README file.
Send us your feedback
If you find a bug or have a suggestion for how we could improve this release, please let us know.
Full changelog
The full changelog since Tor Browser 15.0a1 is:
- All Platforms
- Updated NoScript to 13.0.9
- Updated OpenSSL to 3.5.2
- Bug tor-browser#43727: Update moz-toggle customisation for ESR 140
- Bug tor-browser#43832: Drop eslint-env
- Bug tor-browser#43864: Remove features from the unified search button
- Bug tor-browser#44045: Drop AI and machine learning components
- Bug tor-browser#44048: Backport Bug 1979608
- Bug tor-browser#44069: Update
meek-azurerelated strings tomeek - Bug tor-browser#44094: Rebase Tor Browser alpha onto 140.2.0esr
- Bug tor-browser#44100: Backport Security Fixes from Firefox 142
- Bug tor-browser#44140: Align PDF changes to 140esr
- Bug tor-browser-build#41442: Update our audit CSVs to use the new Audit template
- Windows + macOS + Linux
- Updated Firefox to 140.2.0esr
- Bug tor-browser#43111: Delete our webextensions for search engines when Bug 1885953 is fixed upstream
- Bug tor-browser#43519: Replace tor-loading.png with SVG
- Bug tor-browser#43525: Check if our search engine customization still works after ESR 140 transition
- Bug tor-browser#43728: Update search engine icon sizes
- Bug tor-browser#43795: Restore the URL classifier XPCOM components.
- Bug tor-browser#43817: Write e2e test for verifying if the browser is connected to the Tor network
- Bug tor-browser#43844: Security level shield icon should be flipped for RTL locales
- Bug tor-browser#43874: Incorporate our unified extension button hiding logic into mozilla's changes for ESR 140
- Bug tor-browser#43901: Modify about:license for Tor Browser and drop about:rights
- Bug tor-browser#43902: Hide Sidebar buttons
- Bug tor-browser#43903: Report broken site is disabled rather than hidden
- Bug tor-browser#44030: Security Level selector does not get confirmation before restarting
- Bug tor-browser#44034: Update string used for checkbox on New Identity confirmation dialog
- Bug tor-browser#44040: Modify nsIPrompt and the commonDialog code to allow destructive buttons
- Bug tor-browser#44041: Letterboxing causes greyed out alert background to be mis-aligned
- Bug tor-browser#44090: Several of our XUL pages cause a crash because of missing CSP
- Bug tor-browser#44095: Rename connectionPane.xhtml and remove it from the jar
- Bug tor-browser#44106: Make sure background tasks are not used for shutdown cleanup
- Bug tor-browser#44115: Make remove all bridges dialog use a destructive red button
- Bug tor-browser#44125: Do not offer to save signatures by default in Private Browsing Mode
- Windows + Android
- Bug tor-browser#44062: Force touch enabled on Windows and Android
- Windows
- Bug tor-browser#44046: Replace BASE_BROWSER_UPDATE with BASE_BROWSER_VERSION in the font visibility list
- macOS
- Bug tor-browser#44127: Do not show macOS Privacy hint on network error pages
- Android
- Updated GeckoView to 140.2.0esr
- Bug tor-browser#43179: Make persistent 'private tabs' notification distinct from Firefox's
- Bug 43346: Remove the "[android] Stop PrivateNotificationService" patch [tor-browser]
- Bug tor-browser#43645: Swiping away doesn't always disconnect from tor
- Bug tor-browser#43699: Dummy "about:" pages are not cleared from recently closed tabs (and possibly elsewhere) because they are normal tabs, not private tabs.
- Bug tor-browser#43826: Review Mozilla 1960122: Use
MOZ_BUILD_DATEin Fenix build configuration - Bug tor-browser#44021: Android settings page colors are sometimes messed up (seems to be on the first launch)
- Bug tor-browser#44042: Debug crash when opening settings too quickly after launching app
- Bug tor-browser#44047: Tor Browser's home doesn't have the background at the first load on Android
- Bug tor-browser#44081: Swiping away the "private tabs" notification requires rebootstrapping.
- Bug tor-browser#44083: "snowflake" is lower case on Android
- Bug tor-browser#44098: Bookmarks offer a way to go to sync in 15.0a1
- Bug tor-browser#44139: Restore the (inactive) YouTube and Reddit search plugins on Android
- Build System
- All Platforms
- Bug tor-browser#44061: "Contributing" link is broken
- Bug tor-browser#44067: Move --enable-geckodriver only to Linux-only mozconfigs
- Bug tor-browser#44103: git's export-subst is a reproducibility problem
- Bug tor-browser#44104: Don't run linter when there are no overall changes
- Bug tor-browser-build#26408: Make MAR signature checks clearer when creating incremental MAR files
- Bug tor-browser-build#40551: Drop go reproducibility patches
- Bug tor-browser-build#40697: Delete repackage_browser.sh
- Bug tor-browser-build#40698: Update locale in tbb_version.json
- Bug tor-browser-build#41517: Add morgan's key to the setup account on the signing machine
- Bug tor-browser-build#41522: Adapt our signing scripts to be able to sign the VPN app
- Bug tor-browser-build#41534: Copy geckodriver only for Linux x86-64
- Bug tor-browser-build#41537: Add script to count mar downloads from web logs
- Bug tor-browser-build#41539: Update Ubuntu version used to run mmdebstrap to 24.04.3
- Bug rbm#40087: Downloaded files getting stricter permissions than expected
- Windows + Linux + Android
- Updated Go to 1.24.6
- macOS
- Bug tor-browser-build#41527: Update libdmg-hfsplus and enable LZMA compression on dmgs
- Bug tor-browser-build#41538: Bump macOS SDK to 15.5
- Android
- Bug tor-browser#44078: Modify ./autopublish-settings.gradle for building a-s and glean with uniffi-bindgen no-op
- Bug tor-browser-build#41523: Use custom built Glean package on Android
- Bug tor-browser-build#41531: Update relprep.py script to handle application-services updates
- Bug tor-browser-build#41548: Hide tor's symbols on Android and add other linker options to save space
- All Platforms
