#13671: fix circuit display when bridges are used

[torbutton.git] / src / CHANGELOG

1.8.1.0
 * Bug 13746: Properly link Torbutton UI to thirdparty pref.
 * Bug 13742: Remove SafeCache code (in favor of C++ implementation)

1.8.0.3
 * misc: Translation imports for security slider

1.8.0.2
 * Bug 13666: Various fixes for circuit status display

1.8.0.1
 * Bug 13651: Fix hangs associated with circuit status UI from #8641.

1.8.0.0
 * Bug 9387: Provide a "Security Slider" for vulnerability surface reduction
 * Bug 13019: Synchronize locale spoofing pref with our Firefox patch
 * Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
 * Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs

1.7.0.1
 * Bug 13378: Prevent addon reordering in toolbars on first-run.

1.7.0.0
 9 Oct 2014
 * Bug 10751: Adapt Torbutton to ESR31's Australis UI.
 * Bug 13138: ESR31-about:tor shows "Tor is not working"
 * Bug 12947: Adapt session storage blocker to ESR 31.
 * Bug 10716: Take care of drag/drop events in ESR 31.
 * Bug 13366: Fix cert exemption dialog when disk storage is enabled.

1.6.12.3
 23 Sep 2014
 * Bug 10804: Workaround for some TBB startup hangs

1.6.12.2
 22 Sep 2014
 * Bug 13091: Use "Tor Browser" everywhere

1.6.12.1
 1 Sep 2014
 * Bug 12684: Add `canvas.notNow` UI strings to torbutton.properties file.
 * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org.

1.6.12.0
 4 Aug 2014
 * Bug 9531: Workaround to avoid rare hangs during New Identity

1.6.11.1
 24 Jul 2014
 * Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
 * Bug 12680: Fix Torbutton about url.

1.6.11.0
 27 Jun 2014
 * Bug 10819: Bind new third party isolation pref to Torbutton security UI
 * Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.

1.6.10.1
 26 Jun 2014
 * Bug #12221: Remove obsolete Javascript components from the toggle era

1.6.10.0
 5 Jun 2014
 * Bug 11510: about:tor should not report success if tor proxy is unreachable
 * Bug 11783: Avoid b.webProgress error when double-clicking on New Identity
 * Bug 11722: Add hidden pref to force remote Tor check
 * Bug 11763: Fix pref dialog double-click race that caused settings to be reset

1.6.9.0:
 25 Apr 2014
 * Bug 7439: Improve download warning dialog text.
 * Bug 11384: Completely remove hidden toggle menu item.

1.6.8.0:
 7 Apr 2014:
 * Bug 9010: Add Turkish to update locales.
 * Bug 11242: Fix improper "update needed" message after in-place upgrade.
 * Bug 10398: Ease translation of about:tor page elements

1.6.7.0:
 7 Mar 2014:
 * Bug 9901: Fix browser freeze due to content type sniffing
 * Bug 10611: Add Swedish (sv) to extra locales to update

1.6.6.0:
 3 Feb 2014
 * Bug 10800: Prevent exception in New Identity
 * Bug 10640: Fix about:tor's pointer position for RTL languages.
 * Bug 10095: Make inner window a multiple of 200x100
 * Bug 10285: Clear permissions on New Identity
 * Bug 9738: Fix for auto-maximizing on browser start
 * Bug 10682: Workaround to really disable updates for Torbutton.
 * Bug 10419: Don't allow connections to localhost
 * Bug 10140: Move Japanese to extra locales
 * Bug 10687: Add Basque (eu) to extra locales

1.6.5.5:
 20 Jan 2014
 * Bug 9486: Properly clear NoScript Temporary Permissions

1.6.5.4:
 14 Jan 2014
 * Bug 10537: Include Arabic locale in Torbutton.

1.6.5.3:
 23 Dec 2013
 * Bug 9486: Clear NoScript Temporary Permissions on New Identity 

1.6.5.2:
 17 Dec 2013
 * Misc: Change the default update download link back to download-easy

1.6.5.1:
 10 Dec 2013
 * Bug 10352: Clear FF24 Private Browsing Mode data during New Identity

1.6.5:
 9 Dec 2013
 * Bug 8167: Update cache isolation to use getFirstPartyURIFromChannel() for FF24
 * Bug 10201: FF ESR 24 hangs during exit on Mac OS.
 * Bug 10078: Properly clear crypto tokens during New Identity on FF24
 * Bug 9454: Support changes to Private Browsing Mode and plugin APIs in FF24

1.6.4.1:
 15 Nov 2013
 * Bug 10002: Make the TBB3.0 blog tag our update download url for now.

1.6.4:
 29 Oct 2013
 * Bug 9144: Workaround for missing translation properties

1.6.3:
 11 Oct 2013:
 * Bug 9224: Support multiple Tor socks ports for about:tor status check
 * Bug 9587: Add TBB version number to about:tor

1.6.2.1:
 23 Sep 2013:
 * Bug 8839: Switch about:tor search link to unfiltered startpage link

1.6.2:
 18 Sep 2013
 * bug 9492: Fix Torbutton logo on OSX and Windows (and related
             initialization code)

1.6.1:
 01 Aug 2013
 * bug 8478: Change when window resizing code fires to avoid rounding errors
 * bug 9331: Hack an update URL for the next TBB release
 * bug 9144: Change an aboutTor.dtd string to something transifex might accept

1.6.0:
 05 Jun 2013
  * bug 7494: Create a local home page for TBB as about:tor
  * misc: Perform a control port test of proper Tor configuration by default.
          Only use check.torproject.org if the control port is unavailable.
  * misc: Add an icon menu option for Tor Launcher's Network Settings
  * misc: Add branding string overrides (primarily controls browser name and
          homepage)

1.5.2:
 22 Apr 2013
  * bug 8457: Allow session restore if the user allows disk actvity
  * bug 8301: Remove the Display Settings panel and associated locales
  * bug 6566: Fix "Transparent Torification" option.
  * bug 8642: Fix a hang on New Identity.

1.5.1:
 07 Mar 2013
  * bug 8324: Fix Drag+Drop crash by using a new TBB drag observer
  * bug 6202: Fix XML/E4X errors with Cookie Protections
  * bug 8423: Don't clear cookies at shutdown if user wants disk history
  * bug 8382: Leave IndexedDB and Offline Storage disabled.
  * bug 8422: Clear DOM localStorage on New Identity.
  * bug 8335: Don't strip "third party" HTTP auth from favicons
  * bug 5183: Localize the "Spoof english" button strings
  * bug 8313: Ask user for confirmation before enabling plugins
  * misc: Emit private browsing session clearing event on "New Identity"

1.5.0
 18 Feb 2013
  * bug 5279: Remove old toggle observers and related code
  * bug 3100: Simplify Security Preference UI and associated pref updates
  * bug 1305: Eliminate redundancy in our Flash/plugin disabling code
  * bug 3944: Leave most preferences under Tor Browser's control 
  * bug 7974: Disable toggle-on-startup and crash detection logic
  * bug 5279: Disable/remove toggle-mode code and related observers
  * bug 6431: Add menu hint to Torbutton icon
  * bug 7495: Make Torbutton icon flash a warning symbol if TBB is out of date
  * bug 6096: Perform version check every time there's a new tab.
  * bug 6156: Rate limit version check queries to once every 1.5hrs max.
  * misc: Allow WebGL and DOM storage.
  * misc: Disable independent Torbutton updates
  * misc: Change the recommended SOCKSPort to 9150 (to match TBB)

1.4.6.3
 9 Oct 2012
  * bug 5856: Disable JS hooks to make way for direct Firefox patch

1.4.6.2
 12 Sep 2012
  * bug 6803: Set proxy settings earlier to fix broken homepage load on FF15
  * bug 6254: Support transparent Tor mode through TOR_TRANSPROXY=1 env var.

1.4.6.1
 30 Aug 2012
  * Bug 6737: Disable window.screen hooks for FF15+ (fixes exception alert)

1.4.6
 30 May 2012
  * Bug 5710: Prevent all sessionstore data saving in TBB
  * Bug 5715: Explicitly clear image cache on TBB New Identity
  * Bug 4660: Clear search and find boxes on TBB New Identity
  * Bug 5729: Make New Identity and New Window a multiple of 200x100px
  * Bug 4755: Spoof screen coordinates for DOM MouseEvents
  * Bug 4718: Make TBB version check happen on New Window+New Identity
  * Bug 5758: Disable WebSockets and IndexedDB for non-TBB users
  * Bug 5863: Remove the ability to toggle Torbutton (to prevent leaks)
  * Bug 3838: Inform Torbutton users about TBB
  * Bug 5092: Sign Torbutton Updates
  * Bugs 5673+5732: Change captcha redirect to startpage.com
  * Bug 3845: Bump Firefox user agent to 10.0-ESR

1.4.5.1
  17 Dec 2011
  * bug 4722: Fix ability to drag tabs on Windows (due to #4517)

1.4.5
  14 Dec 2011
  * bug 4517: Disable external drag and drop (prevents proxy bypass)
  * bug 4099: Disable TLS session tickets to prevent linkability
  * bug 4603: Lower HTTP keep-alive timeout to reduce linkability
  * bug 4611: Notify user if "New Identity" fails
  * bug 4667: Close keep-alive connections on "New Identity" (TBB only)
  * bug 4453: Reset SOCKS host and port only when using "recommended settings"
  * misc: Perform versioncheck at startup regardless of session restore status

1.4.4.1
  11 Oct 2011
  * misc: Fix a homepage load error on Windows TBB first-run

1.4.4
  9 Oct 2011
  * bug 4197: Allow Torbutton formfill blocking to be disabled
  * bug 4058: Fix yet more issues with links opening in new tabs
  * bug 4161: Make TBB version check work w/ SocksPort auto builds
  * bug 3686: Fix loading of localized homepage on Debian
  * bug 4016: Resize window on "New Identity"
  * bug 3928: Implement CookieAuthFile password reading
  * misc: Fix scoping issue for some stream variables

1.4.3
  9 Sep 2011
  * bug 3933: Don't touch app.update.auto in TBB
  * bug 3960: Don't disable zoom.siteSpecific on TBB
  * bug 3928: Fix auto-scroll on twitter
  * bug 3649: Make permissions and disk errors human-readable

1.4.2
  3 Sep 2011
  * bug 3879: Fix broken framed sites (yopmail, gmane, gmaps, etc)
  * bug 3337: Fetch check.tp.o page to check versions (TBB only)
  * Bug 3754: Fix SafeCache OCSP errors (fix for TBB only)

1.4.1
  28 Aug 2011
  * bug 523: Implement New Identity (for TBB only)
  * bug 3580: Fix hotmail/live breakage (TBB only)
  * bug 3748: Disable 3rd party HTTP auth
  * bug 3665: Fix several corner cases SafeCache isolation
  * bug 3739: Fix https->http CORS failure for SafeCache
  * bug 3414: Isolate window.name based on referrer policy
  * bug 3809: Disable referer spoofing (fixes navigation issues)
  * bug 3819: Fix API issue with cookie protections
  * bug 3820: Fix warning w/ session store filter

1.4.0
  30 Jun 2011
  * bug 3101: Disable WebGL. Too many unknowns for now.
  * bug 3345: Make Google Captcha redirect work again.
  * bug 3399: Fix a reversed exception check found by arno.
  * bug 3177: Update torbutton to use new TorBrowser prefs.
  * bug 2843: Update proxy preferences window to support env var.
  * bug 2338: Force toggle at startup if tor is enabled
  * bug 3554: Make Cookie protections obey disk settings
  * bug 3441: Enable cookie protection UI by default.
  * bug 3446: We're Firefox 5.0, we swear.
  * bug #3506: Remove window resize event listener.
  * bug #1282: Set fixed window size for each new window.
  * bug #3508: Apply Stanford SafeCache patch (thanks Edward, Collin et al).
  * bug #2361: Make about window work again on FF4+.
  * bug #3436: T(A)ILS was renamed to Tails.
  * bugfix: Fix a transparent context menu issue on Linux FF4+.
  * misc: Squelch exception from app launcher in error console.
  * misc: Make DuckDuckGo the default Google Captcha redirect destination.
  * misc: Make it harder to accidentally toggle torbutton.

1.3.3-alpha
  01 May 2011
  * bug 2777: Clear OCSP cache on tor toggle
  * bug 2832: Update spoofed user agent to Firefox 4.0
  * bug 2838: Make cookie protections dialog work
  * bug 2819: Move JS hooks to new JS1.8.5 hooking support on FF4.
  * bug 3042: Fix version compatibility issue with FF4.0.1+

1.3.2-alpha
  21 Mar 2011
  * bug 1624: Use nsIDOMCrypto::logout() instead of the SSLv2 pref hack
  * bug 1999: Disable tor:// urls by default
  * bug 1968: Reset window.name on tor toggle
  * bug 2148: Make refspoofing more uniform
  * bug 2359: Fix XHTML DTD errors on FF4
  * bugs 2465+2421: Fix javascript hook exceptions+issues in FF4.0
  * bug 2458: Opt out of Firefox addon usage pings
  * bug 2377: Limit the Google captcha cookies copied between google TLDs
  * bug 2491: Clean up checks for when to jar protected cookies
  * bug 1110: Add popup to ask if we should spoof English Accept: headers
  * misc: Remove a noisy FF2 nsICookieManager2 fallback check.

1.3.1-alpha
  03 Jan 2011
  * bugfix: bug 1894: Amnesia is now called TAILS (patch from intrigeri)
  * bugfix: bug 2315: Remove reference to TorVM (patch from intrigeri)
  * bugfix: bug 2011: Fix preference dialog issues (patch from chrisdoble)
  * bugfix: Fix some incorrect log lines in RefSpoofer
  * new: Support Firefox 4.0 (many changes)
  * new: Place button in the nav-bar (FF4 killed the status-bar)
  * misc: No longer reimplement the session store, use new APIs instead
  * misc: Simplify crash detection and startup mode settings

1.3.0-alpha
  30 Sep 2010
  * new: Support for transparent proxies in settings
    (patch from Jacob Appelbaum and Kory Kirk)
  * new: tor:// and tors:// url support to auto-toggle into tor mode
    (patch from Kory Kirk)
  * new: Cookie manager to allow individual Cookie protection
    (patch from Kory Kirk)
  * new: Add referrer spoofing based on modified same origin policy
    (patch from Kory Kirk)
  * new: Add DuckDuckGo.com as a Google captcha redirect destination
    (patch from aiden tighe)
  * bugfix: bug 1911: Fix broken useragent locale string on debian
    (patch from lunar)
  * bugfix: Fix captcha detection for encrypted.google.com

1.2.5
  08 Apr 2010
  * bugfix: bug 1169: Fix blank popup conflict with CoolPreviews
  * bugfix: bug 1246: Fix IST and other HH:30 timezone issues.
  * bugfix: bug 1219: Fix the toggle warning loop issue on settings change.
  * bugfix: bug 1321: Fix a session restore bug when closing the last window
  * bugfix: bug 1302: Update useragent to FF3.6.3 on WinNT6.
  * bugfix: bug 1157: Add logic to handle torbutton crashed state conflicts
  * bugfix: bug 1235: Improve the 'changed-state' refresh warning message
  * bugfix: bug 1337: Bind alert windows to correct browser window
  * bugfix: bug 1055: Make the error console the default log output location
  * bugfix: bug 1032: Fix an exception in the localhost proxy filter
  * misc: Always tell a website our window size is rounded even if it's not
  * misc: Add some suggestions to warning about loading external content
  * new: Add option to always update Torbutton via Tor. On by default
  * new: Redirect Google queries elsewhere on captcha (default ixquick)
  * new: Strip identifying info off of Google searchbox queries

1.2.4
  16 Dec 2009
  * bugfix: bug 1169: Fix blank popup conflict with Google Toolbar
  * bugfix: bug 1171: Properly store and set network.dns.disablePrefetch
  * bugfix: bug 1165: Fix an exception on toggle in FF3.6
  * bugfix: bug 1163: Fix history loss in FF3.6
  * bugfix: Fix a typo error during logging
  * bugfix: Properly handle session restore in FF3.6
  * misc: Kill a warning message about missing properties in window-mapper.js
  * new: Add a new pref to disable Livemark updates during Tor usage (FF3.5+)

1.2.3
  02 Dec 2009
  * bugfix: bug 950: Preserve useragent and download settings across toggle
  * bugfix: bug 1014: Fix XML Parsing Error on XHTML sites in Tor mode
  * bugfix: bug 1041: Preserve tab history in FF3.5
  * bugfix: bug 1047: Fix spurious user agent change notice
  * bugfix: bug 1053: Partial fix for 'TypeError: browser is undefined' error
  * bugfix: bug 1084: Preserve HTTP accept language for Non-Tor usage
  * bugfix: bug 1085: Fix test settings issues with dead privoxy
  * bugfix: bug 1088: Clean up some namespace issues in the main chrome window
  * bugfix: bug 1091: Fix a lockup when 'Ask Every Time' cookie pref is set
  * bugfix: bug 1093: Fix cert acceptance dialogs in Firefox 3.5
  * bugfix: bug 1146: Fixes for properly handling tab restore in FF3.5
  * bugfix: bug 1152: Close tabs on toggle prevents toggling in FF3.5"
  * bugfix: bug 1154: Clarify "Last Tor test failed" message
  * misc: Disable geolocation in FF3.5 during Tor mode
  * misc: Disable DNS prefetch in FF3.5 in Tor mode and for Tor-loaded tabs
  * misc: Disable offline app cache during Tor mode
  * misc: Disable specific site zoom settings during Tor mode
  * new: Transfer Google cookies between country-code domains. This should
    make it such that captchas only need to be solved once per Tor session,
    as opposed to for each country.

1.2.2
  09 Aug 2009
  * bugfix: Workaround Firefox Bug 440892 to prevent external apps from 
    being launched (and thus bypassing proxy settings) without user 
    confirmation. Independently reported by Greg Fleischer and optimist.
  * bugfix: Create a separate "No Proxy For" option and remove the 
    string "localhost" from proxy exemptions. Prevents a theoretical
    proxy bypass condition discovered by optimist. Fix based on patch from
    optimist.
  * bugfix: bug 970: Purge undo tab list on Tor toggle.
  * bugfix: bug 1040: Scrub URLs from log level 4 and higher log messages. 
    Mac OS writes Firefox console messages to disk by default.
  * bugfix: bug 1033: Fix FoxyProxy conflict that caused some FoxyProxy 
    strings to fail to display.
  * misc: bug 1006: Pop up a more specific failure message for pref
    changing errors during Tor toggle.
  * misc: Fix a couple of strict javascript warns on FF3.5
  * misc: Add chrome url protection call to conceal other addons during
    non-Tor usage. Patch by Sebastian Lisken.
  * misc: Remove torbutton log system init message that may have scared some
    paranoids. 

1.2.1
  21 Mar 2009
  * bugfix: bug 773: Fixed Noscript conflict issue.
  * bugfix: bug 866: Fixed conflict with ZoTero
  * bugfix: bug 908: Make UserAgentSwitcher's 'default' button restore
    Torbutton's spoofed user agent if Tor is enabled.
  * bugfix: bug 909: Get Torbutton to "properly" react to users changing 
    their Firefox cookie lifetime settings as opposed to using the Torbutton 
    interface.
  * bugfix: bug 834: Fix session saving and startup issues
  * bugfix: bug 875: Removed docShell == null popup during toggle for 
    some users
  * bugfix: bug 910: fixed a locale spoofing issue in navigator.appVersion
  * bugfix: bug 747: Attempt to fix 'fullscreen' resizing issues.
  * bugfix: Stop-gap timezone spoofing fix for Linux and Mac 
    for FF3. Requires a one-line patch to Firefox for Windows to work.
  * bugfix: Clear SSL Session IDs on toggle. (See FF Bug 448747)
  * misc: bug 931: Added a socks v4 vs v5 version choice to custom prefs.
  * misc: bug 836: redesign startup preference window to make it more
    understandable
  * misc: Torbutton now presents itself as Windows FF3.0.7.
  * misc: Change RDF to allow Torbutton to run on FF3.1 betas.

1.2.0
  30 Jul 2008
  * bugfix: bug 777: Fix issue with locale spoofing breaking translations.
  * bugfix: bug 778: Preserve locale in spoofed version if user does not want
    locale spoofing.
  * bugfix: bug 780: Keep session cookies during Tor toggle.
  * bugfix: Potential fix for some PKCS#12 issues.
  * bugfix: Fix crash recovery and uninstall/upgrade to avoid cookie loss.
  * misc: Translation updates.

1.2.0rc6:
  12 Jul 2008
  * bugfix: Fix bug causing Firefox history to get cleared in some situations
  * bugfix: bug 753: Fix exception thrown during Tor toggle in some instances
  * bugfix: bug 758: Fix resize issue where 0x0 windows could be created
  * bugfix: Fix some potential permission denied issues with cookie jars
  * bugfix: bug 520: Fix issue where Javascript stayed disabled in some tabs
  * bugfix: Apply cookie lifetime settings to Tor settings on first install.
  * bugfix: Don't disable Firefox preferences when Torbutton is uninstalled
  * misc: Allow automatic updates in FF3 by default. They are secure now.
  * misc: Translation updates

1.2.0rc5
  06 Jul 2008
  * bugfix: bug 734: Fix exception with clearing history on toggle
  * bugfix: bug 735: Fix exception with blocking Non-Tor history writes
  * bugfix: bug 720: FF3 cookie jar fix submitted by arno
  * misc: translation updates for French, Farsi, and others
  * misc: demote "mapper check" log message to info
  * new: Option to not write cookie jars to disk submitted by arno

1.2.0rc4
  27 Jun 2008
  * misc: Refuse to jar cookies under Firefox 3. Lame workaround for Firefox
    Bug 439384, but it's the best we can do. At least we won't destroy
    cookies anymore.
  * misc: Some strings were present twice in the en-US locale. Didn't seem
    to cause any problems, but probably should be fixed.

1.2.0rc3
  27 Jun 2008
  * bugfix: Lots of compatibility updates with other extensions. Issues
    with SpeedDial, Google Notebook, TabMixPlus, and others have been fixed.
  * bugfix: Fix bug with first window/tab after restart being partially 
    prevented from performing network activity and/or history access.
  * bugfix: Add an additional pref for blocking Non-Tor file url network
    activity. Off by default. This should fix issues with Sage addon in
    Non-Tor mode. 
  * bugfix: Be better about saving all sorts of Firefox prefs that we touch
    so that users' Non-Tor preferences are remembered.
  * bugfix: Fix potential issues with FF3 sessionstore by updating component,
    and performing version detection.
  * bugfix: Separate toggle into a 3 stage process to eliminate potential 
    race conditions and issues with javascript and other functionality 
    not working after Tor toggle.
  * new: Added 'Test Settings' button to Proxy Preferences that uses 
    check.torproject.org to verify Tor status.
  * misc: Improve 'Restore Defaults' to reset all prefs that we touch.
  * misc: Fix logging system to be more user-legible.

1.2.0rc2
  08 Jun 2008
  * bugfix: MacOS: Fix broken Tor state/toggle issues when all windows are 
    closed but app stays open
  * misc: Potential performance improvements when many windows+tabs are open
  * new: Add 'locked mode' pref to allow users to disable one-click toggling
  * new: Add prefs to start Firefox with a specific Tor state.

1.2.0rc1
  01 Jun 2008
  * general: FF3 should now be functional, but timezone masking is not
    operational
  * bugfix: Fix Places/history component hooking in FF3
  * bugfix: Disable Places database in FF3 via browser.history_expire_days=0
    if history writes are disabled.
  * bugfix: General component hooking fixes for FF3
  * bugfix: Block favicon leaking in FF3
  * bugfix: Enable safebrowsing updates in FF3 (it's finally HMACd. Yay).
  * bugfix: Use Greg Fleischer's new useragent prefs in FF3.
  * bugfix: Properly reset cookie lifetime policy when user changes cookie
    handling options.
  * bugfix: Fix 'Restore defaults' button issues with custom proxy settings
  * bugfix: navigator.oscpu hooking was broken in 1.1.18
  * bugfix: Try to prevent alleged 0x0 windows on crash recovery
  * bugfix: Attempt to block livemarks updates during Tor. Only partial fix.
    Not possible to cancel existing Livemarks timer (one fetch will still
    happen via Tor before disable). See Firefox Bug 436250
  * misc: Set plugin.disable_full_page_plugin_for_types for all plugin
    mimetypes just in case our custom full page blocking code fails

1.1.18
  17 Apr 2008
  * bugfix: Fix Gmail exceptions involving window.navigator that made Gmail
    unusable after recent updates by Google.
  * bugfix: Fix an exception in the content policy that may have prevented
    some AJAX page elements from loading.
  * bugfix: Fix regression on cross-state favicon leak introduced in 1.1.17
  * bugfix: Fix to make clear private data work again by fixing up history
    hooking (may also help FF3 compatibility).
  * bugfix: Fix Yahoo email account creation (broken due to Date.valueOf()
    weirdness).
  * bugfix: Fix to allow plugins if the user unchecks the plugin blocking
    preference
  * bugfix: Fix bug 638: eliminate cross-state history popup on session
    restore
  * bugfix: Only resize windows on document load. Hopefully this will make
    the resizing code less annoying, and drift less.
  * bugfix: Fix Object.prototype extensions involving the Date object 
    (observed on LiveJournal)
  * bugfix: Fix javascript debugger compatibility issues involving source
    window display and other functionality.
  * misc: Prevent blocked popups from opening blank, unusable windows
  * misc: Updated firefox version to 2.0.0.14
  * new: New translations for French, Russian, Farsi, Italian, and Spanish.

1.1.17
  15 Mar 2008
  * bugfix: Improve chrome disclosure protection (patch from Greg Fleischer)
  * bugfix: Block network access from file urls to workaround Firefox 
    'Content-Disposition' file stealing attack (found/fixed by Greg)
  * bugfix: Apply Javascript hooks to javascript: urls (found by Greg)
  * bugfix: Improve Torbutton chrome concealment (found by Greg)
  * bugfix: Use 127.0.0.1 instead of localhost for IPv6 users
  * bugfix: Don't resize maximized windows
  * misc: Improve window resizing to only resize on document load,
    and to try to address drift by remembering window sizes
  * misc: Clear session history if clear history on tor toggle is set
  * new: Remove history hooks in favor of nsISHistoryListeners that
    prevent history navigation from alternate Tor states

1.1.16
  03 Mar 2008
  * bugfix: Fix yet more javascript unmasking issues found by Greg.
    Date is still unmaskable.
  * bugfix: Close tabs *before* toggling proxy settings if pref is set.
  * bugfix: Fix a couple exceptions thrown on resizing and plugin canceling

1.1.15
  26 Feb 2008
  * bugfix: Fix hook unmasking of window.screen, window.history,
    and window.navigator discovered by Greg Fleischer. window.Date 
    unmasking is still unfixed. window.history unmasking represents
    potential IP disclosure due to Firefox Bug 409737.
  * bugfix: Fix view-source extension disclosure bug found by Greg 
    Fleischer.
  * bugfix: Fix javascript and about links. Found by Greg Fleischer.
  * new: Attempt to prevent window sizes from drifting during resize.

1.1.14
  24 Feb 2008
  * bugfix: set general.useragent.locale if user wants to spoof an English
    browser. This handles navigator.locale
  * bugfix: Mask navigator.buildID. Reported by Greg Fleischer
  * Initial Firefox 3 work. Functionality still broken due to FF Bug 413682
  * bug 580: Resize preferences window to fit in 640x480 displays
  * new: Spoof window.screen to mask desktop resolution and resize the 
    browser to multiples of 50px while tor is enabled.
  * new: Block content window access to chrome urls if Tor is enabled, 
    and hide Torbutton if Tor is disabled. Thanks to Greg Fleischer for 
    reporting the chrome disclosure issues
  * new: Added option to close all opened tabs on a Tor toggle. Useful 
    for general convenience and also as a backup protection against 
    Bug 409737.
  * new: Add Tor ports to the list of banned ports for Firefox. Should
    prevent http-ping based fingerprinting attacks.
  * new: Finally add support for automatic updates.

1.1.13
  01 Feb 2008
  * bugfix: Implement workarounds to disable Javascript network access 
    for Firefox Bug 409737
  * bugfix: Improved plugin-disabling workarounds for Firefox Bug 401296 
  * misc: Set network.protocol-handler.warn-external.* to warn on external 
    app handlers during Tor usage
  * misc: Disable browser.safebrowsing.enabled during Tor usage since it
    retrieves some information in plaintext.
  * misc: Disable browser.send_pings.
  * misc: Block Javascript back/forward manipulation if Tor is enabled
  * new: Option to clear HTTP auth on Tor toggle

1.1.12
  26 Nov 2007
  * bugfix: bug 520: Fix some content policy/tagging issues. Not sure if this
    is the whole bug.
  * bugfix: Fix a nasty bug where torbutton mostly broke if the first Firefox
    window was closed (introduced in 1.1.11)
  * bugfix: Fix a favicon proxy-leak discussed in onionland

1.1.11
  16 Nov 2007
  * bugfix: Fix a scope issue with the JS hooks that caused problems with 
    some sites (gmail, others?)
  * misc: Performance enhancements for speeding up toggle
  * new: Prevent Tor cookies from being written to disk if the user wants
    them cleared.

1.1.10
  06 Nov 2007
  * bugfix: bug 522: Try harder to kill plugins before they do any network IO
    (discovered by goldy)
  * bugfix: bug 460: Remove hook verification. Attempt to apply hooks at every
    location event.
  * misc: New logging system
  * new: Have user choose between starting in Tor or Non-Tor after crash.
    Leaving it to Firefox is non-deterministic and should not be an option.

1.1.9.1
  23 Oct 2007
  * bugfix: 1.1.9 killed all plugins. Bring them back to life.

1.1.9
  21 Oct 2007
  * bugfix: bug 519: Fix Ubuntu Gutsy hang on startup.
  * bugfix: bug 521: Fix yet more false positive popups introduced in 1.1.8
  * bugfix: bug 522: Block loading of direct clicks of plugin-handled content 
    (discovered by goldy).

1.1.8
  01 Oct 2007
  * bugfix: bug 503: Prevent sessionstore from writing Tor tabs to disk
  * bugfix: bug 510: Decouple cookie clearing from Clear Private Data settings
  * bugfix: bug 474: Decouple password+form saving from history writing
  * bugfix: bug 460: Rework handling of hooking based on global events+window
    lookup
  * bugfix: Hooking fixes for pages with nested frames/iframes
  * bugfix: Cookies are now properly synced before storing into a jar
  * misc: Tightened up the alerts a bit more for the javascript hooking
  * misc: Changed defaults to be less intrusive to non-tor usage
  * new: Added options to start in Tor and reload cookies after browser crash 
  * new: Added ability to have both tor and non-tor cookie jars

1.1.7
  20 Sep 2007
  * bugfix: bug 495: couple of memory leaks found and fixed by arno
  * bugfix: bug 497: uninstall exception found and fixed by arno
  * bugfix: bug 460: No more alerts should happen. But does that mean its
    fixed? Outlook uncertain...
  * bugfix: bugs 461+489: verbosity+macos logging issues resolved
  * bugfix: if javascript is disabled, the hooking code no longer complains
  * misc: Update spoofed Firefox version to 2.0.0.6
  * new: "Restore Defaults" button added to the preferences window

1.1.6
  30 Jul 2007
  * bugfix: Fix an exception that may have messed up cookie/cache clearing
    if you allowed Tor to write history URLs (possibly kills bug #457)
  * bugfix: Use only sub-browsers for tagging. Could fix some Date hooking
    misses (possibly kills bug #460)
  * misc: Clean up annoying false positives with date hooking checks

1.1.5
  17 Jul 2007
  * bugfix: Reset shutdown option if user wants to manually manage cookies
  * misc: Add code to detect date hooking failures to zero in on Bug #460
  * new: Pref to disable "DOM Storage" during Tor usage

1.1.4 - Defcon CD Release
  6 Jul 2007
  * bugfix: Make plugin state tied to tab load state also
  * bugfix: Date hooking bug. getUTCYear is not defined. Must call getYear..
  * new: Add options to spoof charset and language headers
  * new: Add option to disable referer header. This can break some sites.
         Seems to break digg in particular.
  * new: Copy English strings to all language DTDs so they are at least
         functional.

1.1.3 - Black Hat CD Release
  30 Jun 2007
  * bugfix: Fully disable session store if option is set. Otherwise it 
            can save Tor tabs and cause them to be reloaded during Tor usage!
  * new: Differentiate between crucial and recommended settings in preferences

1.1.2
  22 Jun 2007
  * bugfix: Make js hooking a bit more invisible
  * bugfix: Improve navigator.* hooking for user agent spoofing
  * new: Block session saving during tor usage
  * new: Add options to clear cookies during Tor/Non-Tor shutdowns

1.1.1
  20 Jun 2007
  * bugfix: Remove Date hooks from DOM after inserted. Fixes some sites
            who expect a fixed DOM structure.
  * new: Integrated Collin Jackson's history blocking+cookie jar code, adapted
         it to handle various Tor States+read/write differentiation.
  * new: Allow users to manually manage cookies
  * new: Mark tabs as having been fetched via Tor or in the clear
  * new: Add code to only enable javascript on tabs with the same Tor load 
         state as the current
  * new: options to clear the cache, block disk cache, or block all caching
  * new: Created options tabbox
  * new: Option to block updates if Tor was enabled
  * new: Add nsIContentPolicy to block CSS popups from pages with a different
         load state than current Tor State.
  * new: Added user agent spoofing code
  * new: Support FireFox 2.0 only
  * new: Disable "safe browsing" remote lookups
  * new: block session saving


1.1.0 - Security Development begins (Alpha branch)
  31 Mar 2007
  * new: Option to disable all plugins during Tor usage
  * new: Javascript hooking to mask timezone for Date Object, attempted CSS fix
  * new: Options to clear history and cookies on Tor toggle
  * bugfix: Fix logging to use error console if logger extension not present

1.0.5
  18 Nov 2006
  * bugfix: fix the about box in firefox 1.0
  * bugfix: set the toolbar button to the correct state upon insertion into 
            the toolbar (ff >= 1.5 only)
  * bugfix: clarify the wording of the one-liner extension description
  * bugfix: bypassing privoxy with Firefox <= 1.0 is not recommended
  * bugfix: remember previous "custom" proxy settings
  * misc: new icons
  * misc: keyboard shortcut re-assigned to ctrl-2
  * new: previous proxy settings are restored after exiting tor mode
  * new: if the torbutton proxy settings are changed while torbutton is 
         enabled, then the active proxy settings are updated to reflect it
  * new: added twelve locales

1.0.4
  01 Jun 2006
  * bugfix: without-privoxy settings were incorrect
  * bugfix: https settings did not take effect until firefox restart
  * bugfix: let firefox generate our about box, so it will include the version

1.0.3
  31 May 2006
  * bugfix: statusbar style would reset to text after firefox restart

1.0.2
  23 May 2006
  * bugfix: fixed problem with socks_remote_dns
  * new: mozilla thunderbird support
  * new: user may customize proxy settings for nonstandard configurations
  * new: option to not use privoxy in the standard configuration
  * new: slovenian translation
  * new: french translation
  * new: keyboard shortcut (control-shift-t, changeable via keyconfig)
  * new: context menu for toolbar button and statusbar panel
  * new: attractive tor icons
  * new: about dialog
  * new: option to display statusbar as an icon instead of text

1.0.1
  16 Mar 2006
  * bugfix: toolbar button tooltips now display the correct status
  * bugfix: set socks5 proxy to tor port (9050) instead of privoxy (8118)
  * bugfix: allow user to change proxy exclusion list ("no proxy for")
  * new: use socks_remote_dns on firefox versions that have it
  * new: added update functionality through the extensions manager
  * new: added preference: display statusbar panel (yes/no)
  * new: added compatibility with firefox 1.0 and 0.9

1.0
  07 Mar 2006
  * initial release