Tor Browser 7.5a4 is released

Tor Browser 7.5a4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor alpha release (0.3.1.5-alpha) + an updated OpenSSL (1.0.2l), HTTPS-Everywhere (5.2.21) and NoScript (5.0.8.1). We also update sandboxed-tor-browser (to 0.0.12).

The major new features in this alpha release are selfrando support for 32bit Linux systems, Snowflake support for macOS, and a patch that fixes a lot of our problems with the external helper app dialog. In particular, downloading files via the pdf viewer should work again. As we do in the stable series, we also avoid scary warnings popping up when entering passwords on .onion sites without a TLS certificate. We are also testing a better Tor Browser hardening on Windows by using a newer compiler for our Windows builds. If you encounter any issues that could be caused by the new compiler, we want to know about it!

The full changelog since Tor Browser 7.5a2 (for Linux since Tor Browser 7.5a3) is:

  • All Platforms
    • Update Firefox to 52.3.0esr
    • Update Tor to 0.3.1.5-alpha
    • Update OpenSSL to 1.0.2l
    • Update Torbutton to 1.9.8
      • Bug 22610: Avoid crashes when canceling external helper app related downloads
      • Bug 22472: Fix FTP downloads when external helper app dialog is shown
      • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
      • Bug 22618: Downloading pdf file via file:/// is stalling
      • Bug 22542: Resize slider window to work without scrollbars
      • Bug 21999: Fix display of language prompt in non-en-US locales
      • Bug 18913: Don't let about:tor have chrome privileges
      • Bug 22535: Search on about:tor discards search query
      • Bug 21948: Going back to about:tor page gives "Address isn't valid" error
      • Code clean-up
      • Translations update
    • Update Tor Launcher to 0.2.12.3
      • Bug 22592: Default bridge settings are not removed
      • Translations update
    • Update HTTPS-Everywhere to 5.2.21
    • Update NoScript to 5.0.8.1
      • Bug 22362: Remove workaround for XSS related browser freezing
      • Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
    • Update sandboxed-tor-browser to 0.0.12
    • Bug 22610: Avoid crashes when canceling external helper app related downloads
    • Bug 22472: Fix FTP downloads when external helper app dialog is shown
    • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
    • Bug 22618: Downloading pdf file via file:/// is stalling
    • Bug 21321: Exempt .onions from HTTP related security warnings
    • Bug 21830: Copying large text from web console leaks to /tmp
    • Bug 22073: Disable GetAddons option on addons page
    • Bug 22884: Fix broken about:tor page on higher security levels
    • Bug 22829: Remove default obfs4 bridge riemann.
  • Windows
    • Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
  • OS X
  • Linux
    • Bug 22832: Don't include monthly timestamp in libwebrtc build output
    • Bug 20848: Deploy Selfrando in 32bit Linux builds
  • Build system
    • Windows
    • Linux
Anonymous

August 08, 2017

Permalink

Thanks again for another great release! I'm so glad that the team is able to track Firefox release cycles so that whenever there's an update to Firefox about to install, TBB is ready within hours!

Anonymous

August 09, 2017

Permalink

my browser updated fine, loads fine, tests for network connection just fine, but when I open a new tab / try to go to bookmarked pages, the browser crashes with "a program has caused it to crash" error.

When are they going to upgrade to WebExtension as advertised?

You can follow their progress in this ticket: https://github.com/EFForg/https-everywhere/issues/9958

Hainish has already a pull-request for review for making it an embedded web-extension: https://github.com/EFForg/https-everywhere/pull/11760

Note that the HTTPS Everywhere WebExtension is already done (it's what the Chromium HTTPS Everywhere addon is), the only work needed is to make it work on Firefox and work out the rough edges and the issues that may happen.

Privilege of a website is not necessarily bound to the respective process it is running in. Think about pre e10s days: there was just a single process but nevertheless existed privilege differences between browser chrome pages and normal web content.

Content should not be able to link to them, yes. That's what the nsIAboutModule::MAKE_UNLINKABLE flag is for. It's just that the page itself runs with content privileges. Normal web content should not be able to access it.

Anonymous

August 11, 2017

Permalink

Just upgraded the Tor browser on 8/10/17 for Windows 10 Pro. Browser crashed and will not restart. An error message for firefox.exe of 0xc0000022 is displayed when attempting to load. Seems related to the update. Any thoughts?

Anonymous

August 12, 2017

Permalink

Why does this page keep 'refreshing'? What's it with software developers? It it works they have to break it so they can 'fix' it? Keeping themselves in a job?

Anonymous

August 15, 2017

Permalink

I'm having repeated issues with the recent update Trend Micro is showing the update is infecting various files within the build including firefox.exe. I have downloaded build and having the same problem. Am I alone?

This sounds like a Trend Micro problem. Antivirus software really hates Tor Browser. Every new release there's people complaining about their favorite antivirus software breaking Tor Browser. Or complaining about a broken Tor Browser but not knowing why it is broken.

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

7 + 11 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.