Tor Browser 15.0.14 is now available. The Tor Project says the release can be downloaded from the Tor Browser download page and from its distribution directory.
This is not a feature-heavy release. The important part is maintenance: Tor Browser 15.0.14 brings in security fixes from Firefox and updates the browser’s Firefox ESR and GeckoView base to 140.11.0esr. The listed platform scope is Windows, Linux, and Android.
For most users, the takeaway is simple. If Tor Browser is part of your privacy or censorship-resistance setup, update it. Browser security fixes are not cosmetic. They sit directly on the boundary between untrusted web content and the device you use to reach it.
What changed in Tor Browser 15.0.14#
The Tor Project’s release note lists a compact changelog since Tor Browser 15.0.13.
The main changes are:
- Backported security fixes from Firefox 151
- Updated Firefox to 140.11.0esr
- Updated GeckoView to 140.11.0esr
- Fixed the clean section in
rbm.local.conf.example - Updated the URL to
versions.iniinrelprep.py
The first three items matter most for ordinary users. Tor Browser is built on Firefox ESR, Mozilla’s extended-support browser line. When Firefox receives security fixes, projects built on top of it need to carry those fixes forward. Tor Browser 15.0.14 does that for this release line.
GeckoView matters for Android. It is Mozilla’s embeddable browser engine for Android applications. Updating it keeps the Android build aligned with the same underlying engine maintenance path.
The two build-related fixes are more relevant to Tor Browser maintainers and people working with the build system. They do not read like user-facing behavior changes. The source note does not claim new privacy features, new circuit behavior, or new anti-fingerprinting protections in this release.
Why this small update still matters#
Tor Browser is not a normal browser with a privacy theme. Its job is harder. It tries to reduce tracking, resist fingerprinting, and route traffic through the Tor network in a way that gives users a safer baseline under hostile network conditions.
That makes routine updates more important, not less.
A browser is exposed to arbitrary code and content every day. Pages, scripts, media, fonts, and protocol handlers all cross a wide attack surface. Even when a release does not include a named emergency fix in the public note, security backports from Firefox are enough reason to move quickly.
This matters especially for users who rely on Tor Browser in higher-risk settings:
- people working around censorship
- journalists and researchers accessing blocked sources
- activists and civil society groups under monitoring pressure
- users who separate identities and browsing contexts for safety
- anyone who uses Tor Browser because their local network is not trusted
A delayed browser update can turn a privacy tool into a stale target. Tor helps with network-level privacy. It does not make an outdated browser safe against browser-engine bugs.
What not to overclaim#
The release note is brief. It does not say that Tor Browser 15.0.13 is actively being exploited. It does not describe a Tor-specific vulnerability. It does not provide a CVE list in the collected source text. It also does not say that all platforms received identical internal changes beyond the listed Windows, Linux, and Android scope.
That distinction matters.
A security update is enough reason to patch. It is not enough reason to invent an incident. Treat this as a maintenance and security-backport release unless the Tor Project or Mozilla publishes more specific detail.
It is also worth separating Tor Browser from the Tor network itself. This release is about the browser package. The source material does not describe a change to onion routing, relay behavior, bridges, directory authorities, or censorship-circumvention transport logic.
For users, that means the practical action is browser-side: update the application you run. Do not assume this release changes how the network operates.
What users should do now#
If you already use Tor Browser, update from the official Tor Browser interface or download it from the Tor Project’s official site. The release note says Tor Browser 15.0.14 is available from the download page and the distribution directory.
Basic checks:
- Confirm you are getting Tor Browser from the Tor Project, not a random mirror or repackaged build.
- Update on Windows, Linux, and Android where you use it.
- Restart the browser after updating.
- Avoid carrying sensitive sessions in an old browser window after an update is available.
- If your threat model is serious, verify downloads using the Tor Project’s documented verification process.
Android users should pay attention to where they install from. Browser repackaging is a real risk in the wider Android ecosystem. If you cannot verify the path, do not treat the app as trusted merely because it uses Tor branding.
For desktop users, the main risk is habit. Many people keep privacy tools installed but do not check whether they are current. Tor Browser only helps if the browser layer is maintained.
What maintainers and technical readers may notice#
The build-system fixes are narrow but still useful signals. tor-browser-build#41781 fixes the clean section in rbm.local.conf.example. tor-browser-build#41798 updates the URL to versions.ini in relprep.py.
Those are not flashy changes. They are part of the release engineering work that keeps reproducible and repeatable builds from degrading over time. For a project like Tor Browser, this matters because trust is not only about the final binary. It is also about whether the build process remains inspectable, repairable, and aligned with source.
The release note also asks users not to use unrelated release posts as support or bug-report channels. That is operational hygiene. If you find a bug or have a suggestion, use the project’s intended support and reporting paths.
Bottom line#
Tor Browser 15.0.14 is a maintenance release with important browser-engine security updates. There is no need to dramatize it. There is also no good reason to ignore it.
If Tor Browser is in your workflow, update it from the official Tor Project source and keep moving.