Tor Browser 7.0a1 is released

by boklm | January 24, 2017

Tor Browser 7.0a1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 7.0a1 is the first alpha in the 7.0 series. Apart from the usual Firefox update (to 45.7.0 ESR) it contains the first alpha in the tor 0.3.0 series (0.3.0.1-alpha) and an updated HTTPS-Everywhere (5.2.9) + NoScript (2.9.5.3).

Tor Browser 7.0a1 is the first alpha allowing Linux users to test Snowflake, a new WebRTC-based pluggable transport. Additionally, we include bug fixes both to our sandboxing solutions for Linux (sandboxed-tor-browser 0.0.3) and macOS. For Windows users we plugged a timezone leak that got introduced by enabling ICU in Firefox when switching to ESR 45.

The full changelog since 6.5a6 is:

  • All Platforms
    • Update Firefox to 45.7.0esr
    • Tor to 0.3.0.2-alpha
    • Update Torbutton to 1.9.7
      • Bug 19898: Use DuckDuckGo on about:tor
      • Bug 21091: Hide the update check menu entry when running under the sandbox
      • Bug 21243: Add links to es, fr, and pt Tor Browser manual
      • Bug 21194: Show snowflake in the circuit display
      • Bug 21131: Remove 2016 donation banner
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.9
    • Update NoScript to 2.9.5.3
    • Bug 20471: Allow javascript: links from HTTPS first party pages
    • Bug 20651: DuckDuckGo does not work with JavaScript disabled
    • Bug 20589: Add new MAR signing key
  • Windows
    • Bug 20981: On Windows, check TZ for timezone first
  • OS X
    • Bug 20989: Browser sandbox profile is too restrictive on OSX 10.12.2
  • Linux
    • Update sandboxed-tor-browser to 0.0.3
    • Bug 20735: Add snowflake pluggable transport to alpha Linux builds
  • Build system
    • All platforms
    • Linux
      • Bug 21103: Update descriptors for sandboxed-tor-browser 0.0.3
Tags
tor browser
tbb
tbb-7.0

I tested this on Windows and you are right there is no menu shown. But this neither happens on Linux nor on Windows with a vanilla Firefox 45 ESR. So, I'd say this should be a feature request to Mozilla (I have not checked whether your feature request got already included in the upcoming Firefox 52 ESR release or in any version between ESR 45 and ESR 52).

Anonymous

Anonymous (not verified) said:

February 19, 2017

Permalink

Re this:

"Tor exited during startup. This might be due to an error in your torrc file, a bug in Tor or another program on your system, or faulty hardware. Until you fix the underlying problem and restart Tor, Tor Browser will not start."

This seemed to be caused, for me, by having a normal instance of Firefox (which also is configured to use my system Tor daemon as a SOCKS5 proxy) running alongside, while torbrowser-launcher was updating.

Closing "regular" Firefox solved this, in my case. This is Ubuntu 16.04 amd-64.

If you have a system installation of tor and tor-browser, instead of a standalone package, how is it that tor-browser can trigger an update without a root or sudo password being asked? Is this a system security violation?

It is using its own updater regardless at which place it is put. So, while this update gets triggered even if you put Tor Browser into directories only a privileged user can access I guess the update is failing if executed as non-privileged user.

Anonymous

Anonymous (not verified) said:

February 22, 2017

Permalink

My Guard has Tor 0.2.9.9 on Linux and up-time 20+ days, but when I switch circuit for some site too often (f#%# captcha), my guard is changing to another one and back! WTF is going on?

So, now I have one site reloading through the new guard and another site reloading fine through the old guard right after the first one has just switched the guard!

Anonymous

Anonymous (not verified) said:

February 24, 2017

Permalink

So, is there any evidence that the tor-project still exists, it is nice to hear from you guys once a week or so so we may know not to worry ... hello! hello hello hello .....