
The Tor Project has released Tor Browser 15.0, marking the first stable version built on Firefox ESR 140.
This annual upgrade brings in a broad range of usability and security enhancements inherited from Firefox.
The update follows the completion of the project's annual Extended Support Release (ESR) transition audit, which involved reviewing roughly 200 Firefox bug reports to assess potential impacts on Tor Browser's threat model. The final audit documentation is now publicly available in the tor-browser-spec GitLab repository. This extensive review process ensures that any Firefox changes folded into Tor do not compromise its core principles of privacy and anonymity.
New in Tor 15.0
Among the most notable new features in Tor Browser 15.0 are vertical tabs and tab groups on the desktop version. Users can now stack tabs in a sidebar and organize them into collapsible, color-coded groups, a usability upgrade particularly helpful for researchers and privacy-focused professionals managing large numbers of tabs. The unified search bar from upstream Firefox is also present, enabling quick engine switching and easier access to bookmarks and open tabs.

Tor Browser's tab model still clears all data on exit, preserving its privacy-first architecture. While session persistence is not part of the browser's design, these new features aim to improve short-term productivity without compromising security.
On Android, Tor Browser 15.0 introduces a screen lock feature. When enabled, the browser will prompt for biometric or passcode authentication if a user returns to an open session after switching apps. This helps guard against casual snooping when devices are left unattended, without undermining the ephemeral session model Tor is known for.

Dropping legacy support
Tor Browser 15.0 will be the last major release to support Android versions 5 through 7 and x86 CPU architectures on both Android and Linux. These platforms will continue to receive security updates until the mid-2026 release of version 16.0, but new features will no longer be backported. The decision follows Mozilla's announcement to phase out support for older Android versions and x86, citing technical limitations and mounting maintenance overhead.
Supporting x86 Android builds has become increasingly complex due to Google Play's 100MB size restriction on app packages. Developers have previously used workarounds such as excluding the Conjure pluggable transport on x86 builds, but these sacrifices have now reached a breaking point.
WebAssembly moves under NoScript
Another significant architectural change in version 15.0 is the migration of WebAssembly (Wasm) handling from browser preferences to the NoScript extension. Previously, Tor disabled Wasm at higher security levels via javascript.options.wasm = false, but this blanket approach broke Firefox's new Wasm-based PDF renderer introduced between versions 128 and 140.
Now, NoScript will manage Wasm blocking behavior at the Safer and Safest levels, preserving protection against exploitation without disabling essential browser components. Users who had manually disabled Wasm in the Standard level will see their setting flagged as “Custom” and are advised to revert to default settings or raise their security level for better fingerprint resistance.
The Tor Project emphasizes that while NoScript allows Wasm on internal components like the PDF viewer, it continues to block Wasm execution on public websites unless explicitly permitted by the user at lower security levels.
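A check for the leftover manual setting described above, as an added example that is not from the Tor Project or the original article. It parses the text of a profile's prefs.js and user.js and reports whether javascript.options.wasm is still set to false; the function names and sample contents are constructed, and it assumes the standard Firefox profile format, where user.js is applied over prefs.js at startup.

```python
import re

# Firefox profile files (prefs.js, user.js) hold one preference per call:
#   user_pref("name", value);   value is true/false, an integer or a string
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;', re.M)
# Block comments and whole-line // comments (both may appear in user.js).
COMMENT_RE = re.compile(r'/\*.*?\*/|^\s*//[^\n]*', re.S | re.M)
WASM_PREF = "javascript.options.wasm"   # the preference named in the article

def parse_prefs(text):
    """Return {name: value} from prefs.js/user.js text; last assignment wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(COMMENT_RE.sub("", text)):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def wasm_override(prefs_js, user_js=""):
    """Report an explicit Wasm setting and the file that supplies it.

    user.js is checked last because it is applied on top of prefs.js,
    so it wins when both files set the preference.
    """
    finding = None
    for source, text in (("prefs.js", prefs_js), ("user.js", user_js)):
        value = parse_prefs(text).get(WASM_PREF)
        if value is not None:
            finding = {"file": source, "value": value,
                       "manual_disable": value is False}
    return finding

# Constructed sample profile contents, not taken from a real installation.
SAMPLE_PREFS_JS = '''
// Mozilla User Preferences
user_pref("browser.startup.page", 0);
user_pref("javascript.options.wasm", false);
user_pref("intl.accept_languages", "en-US, en");
'''
SAMPLE_USER_JS = '''
/* user_pref("javascript.options.wasm", true); */
// user_pref("javascript.options.wasm", true);
'''

if __name__ == "__main__":
    print(wasm_override(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```

A result with manual_disable set to True corresponds to the case the article says is now flagged as "Custom" at the Standard level.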
While the release notes do not rehash earlier AI-related decisions, it's worth noting that, earlier this month, Tor Browser 15.0 alpha builds stripped out all of Firefox's AI integrations, citing privacy, auditability, and alignment with the project's threat model as key concerns.
Tor took the view that cloud-based AI tools fundamentally compromise user anonymity, often requiring accounts, logging interaction data, and posing fingerprinting risks that are incompatible with the project's mission to protect users in high-risk environments.






