The Tor Project released Tor Browser 15.0.11 on April 28, 2026, marking yet another security-focused update in the 15.0 stable series. The release is available now from the official Tor Browser download page and the Tor Project’s distribution directory.
Users across all platforms are encouraged to update without delay. Security is the sole reason this version exists.
The release upgrades the underlying Firefox engine to version 140.10.1esr across all desktop platforms, covering Windows, macOS, and Linux simultaneously. Android users receive the same update through a GeckoView bump to 140.10.1esr.
The Tor Project does not detail the specific CVEs patched in each release post, but the Firefox 140.10.1esr designation signals that Mozilla classified the upstream issues as important enough to warrant an out-of-cycle ESR patch. Users who skip this update remain exposed to whatever those vulnerabilities cover until they upgrade.
NoScript, the bundled security extension that controls script execution across sites, has also been updated. Version 13.6.18.1984 ships in this build, following the standard pattern of keeping NoScript current alongside each Firefox ESR bump.
NoScript is a core part of how Tor Browser enforces its security levels, particularly at the Safer and Safest settings, where JavaScript is restricted or fully disabled by default. Keeping it current matters as much as the Firefox engine itself.
On the codebase side, the Tor Browser team rebased the stable branch onto Firefox 140.10.1esr through the internal tracking ticket tor-browser#44907. This is standard maintenance work that ensures the privacy and security patches unique to Tor Browser are applied cleanly on top of each new upstream ESR base.
The Tor Project completes this rebase with every ESR update cycle, and it is part of what keeps Tor Browser distinct from a plain Firefox build.
Tor Browser 15.0 launched in October 2025 as the first stable release built on Firefox ESR 140. That transition was accompanied by a full annual ESR audit in which the Tor Project team reviewed and addressed around 200 separate Bugzilla issues covering Firefox changes that could affect user privacy or security. The 15.0 series has since received regular maintenance updates, with 15.0.11 being the eleventh patch in this cycle.
For users unfamiliar with how Tor Browser relates to Firefox, the key distinction is worth understanding. Tor Browser builds on Firefox ESR but layers in a substantial set of modifications. Traffic is routed through the Tor anonymity network by default. Third-party cookies and site tracking are blocked.
Browser fingerprinting resistance is built into the rendering engine. Many web APIs that expose identifying information are disabled or restricted. The result is a browser that behaves quite differently from Firefox in practice, even though it shares the same underlying engine and benefits from the same upstream security patches.
Tor Browser 15.0.11 is available for Windows, macOS, Linux, and Android. Downloads are live at the official Tor Browser page at torproject.org/download. The full changelog for this release is published on the official Tor Project blog.
