Tor Browser 13.5.8 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

This is an unplanned release which backports the remaining Android-specific security fixes from Firefox 131 to Tor Browser 13.5. This is due to a release-process failure on our part during the 13.5.7 release.

How did this happen?

The fundamental issue that led to us missing patches in the previous release is that we have two different ways of prepping Android releases, and we forgot a step.

To elaborate, Tor Browser 13.5 is based of Firefox 115. This version of Firefox uses a separate source-code repository for the Android-specific functionality. Tor Browser 14.0 is based off of Firefox 128 which has integrated Android and Desktop source-code into a single repository. So, to prep a 13.5 release we have to update two source-code tags, while in 14.0 we only have to update only one.

Since we have been mostly prepping 14.0 alpha-channel releases in recent weeks, this extra tag update was overlooked and these Android-specific updates never made it into the final release.

The good news is that this particular error won't happen again as we will not need to release any more Tor Browser 13.5 for Android after this because Tor Browser 14.0 will stabilise soon.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know. https://www.mozilla.org/en-US/firefox/131.0.3/releasenotes/

Full changelog

The full changelog since Tor Browser 13.5.7 is:

• Android
  • Updated NoScript to 11.4.42
  • Bug tor-browser#43099: YEC 2024 Takeover for Android Stable
  • Bug tor-browser#43173: Backport security fixes from Firefox 131