The Tor Project has released Tor Browser 15.0.1, addressing critical security vulnerabilities inherited from Firefox 140.5.0esr.
This maintenance release delivers essential privacy protections for privacy-focused users who rely on anonymized browsing.
What’s New in Version 15.0.1
The update includes a comprehensive rebase onto Firefox 140.5.0esr, incorporating essential security patches from Mozilla’s latest extended support release.
Tor Browser 15.0.1 is now available from the official Tor Browser download page and distribution directory.
Key improvements include updates to the NoScript extension (version 13.4) and fixes addressing several critical bugs affecting core functionality.
The release resolves zoom-level persistence issues in which default zoom settings unexpectedly reset to 100%, a common frustration for users with specific magnification preferences.
Fixed Security Vulnerabilities
The update includes backported security fixes from Firefox ESR 145 and addresses eight documented vulnerabilities identified in the underlying Firefox engine.
These range from high-impact flaws affecting graphics rendering and WebAssembly operations to moderate-severity issues concerning policy bypasses and memory management.
| CVE ID | Vulnerability Type | Impact | Component |
|---|---|---|---|
| CVE-2025-13012 | Race condition | High | Graphics |
| CVE-2025-13016 | Incorrect boundary conditions | High | JavaScript: WebAssembly |
| CVE-2025-13017 | Same-origin policy bypass | Moderate | DOM: Notifications |
| CVE-2025-13018 | Mitigation bypass | Moderate | DOM: Security |
| CVE-2025-13019 | Same-origin policy bypass | Moderate | DOM: Workers |
| CVE-2025-13013 | Mitigation bypass | Moderate | DOM: Core & HTML |
| CVE-2025-13020 | Use-after-free | Moderate | WebRTC: Audio/Video |
| CVE-2025-13014 | Use-after-free | Moderate | Audio/Video |
All platforms benefit from the NoScript extension upgrade and bug fixes. Windows, macOS, and Linux users also receive Firefox 140.5.0esr integration with fixes for the issue affecting the visibility of the upgrade message on about:tor pages.
Linux users specifically gain the restoration of Noto CJK fonts, replacement of the less readable Jigmo fonts, and resolution of font rendering problems in the self-upgrade window.
Android users now benefit from fixed handling of the extension update job, which previously failed to execute correctly on mobile devices. GeckoView has been updated to version 140.5.0esr to match desktop builds.
The build system received maintenance updates, including a Go version upgrade to 1.24.10 across Windows, Linux, and Android platforms.
Android-specific improvements optimize the signing and zipalign processes, reducing redundant operations during release builds.
Users can download Tor Browser 15.0.1 directly from the official Tor Project website. Those encountering issues or possessing feature requests are encouraged to submit feedback through the dedicated bug report channel on the Tor Support portal.
The complete changelog documents all modifications, including internal build system improvements, ensuring long-term maintenance stability for the privacy-focused browser.
Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates
%20(1).webp?resize=1068,580&ssl=1&description=This maintenance release delivers essential privacy protections for privacy-focused users who rely on anonymized browsing.){kind=link}