Tor Browser 7.0.7 is released

Tor Browser 7.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates Firefox to 52.4.1esr, HTTPS-Everywhere to 2017.10.4 and NoScript to 5.1.2. On Linux the content sandboxing is now enabled. This release is also fixing some crashes and adding a donation banner starting on Oct 23 in order to point to our end-of-the-year 2017 donation campaign.

The full changelog since Tor Browser 7.0.6 is:

  • All Platforms
    • Update Firefox to 52.4.1esr
    • Update Torbutton to 1.9.7.8
      • Bug 23887: Update banner locales and Mozilla text
      • Bug 23526: Add 2017 Donation banner text
      • Bug 23483: Donation banner on about:tor for 2017 (testing mode)
      • Bug 22610: Avoid crashes when canceling external helper app related downloads
      • Bug 22472: Fix FTP downloads when external helper app dialog is shown
      • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
      • Bug 22618: Downloading pdf file via file:/// is stalling
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.4
    • Update NoScript to 5.1.2
      • Bug 23723: Loading entities from NoScript .dtd files is blocked
      • Bug 23724: NoScript update breaks Security Slider and its icon disappears
    • Bug 23745: Tab crashes when using Tor Browser to access Google Drive
    • Bug 22610: Avoid crashes when canceling external helper app related downloads
    • Bug 22472: Fix FTP downloads when external helper app dialog is shown
    • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
    • Bug 22618: Downloading pdf file via file:/// is stalling
    • Bug 23694: Update the detailsURL in update responses
  • OS X
    • Bug 23807: Tab crashes when playing video on High Sierra
  • Linux
    • Bug 22692: Enable content sandboxing on Linux

With a totally informative bug report like that, never. Tor Browser 7.0.7 works fine on the maintainer's laptop. If you're lucky, this is #23915 that someone was kind enough to report with sufficient detail to root cause, which I fixed 3 days ago.

Haha, you're right, that was a really stupid comment. Sorry about that. It wasn't really meant as a bug report (the error was blatant enough that I figured I oculdn't be the only one seeing it) - I was just griping.

What happens is that the browser window appears as normal, but trying to visit any URL results in a message "Your tab just crashed." I'll try to dig into this later when I have time.

But anyway, thanks for your hard work.

I assume you're the one that filed #23956. sandboxed-tor-browser 0.0.14 has a fix for that (as #23692), so I'm not sure why it's still busted.

`sandboxed-tor-browser --version` will dump the version to the console. Failing that, if you're on oldstable then there's a different issue due to the kernel being comparatively ancient that requires a patch from master to fix.

Tried it just yesterday on linux (free of NSA's-systemd) and it worked. Do you have bubblewrap firetools installed?
It does not work the same way it was before, I'm still trying to figure out where to place bookmark files withing amnesia's space or configure it like I used to, but it worked flawlessly and pretty fast.
Running it in terminal and collecting any error output would help in diagnosing the problem you have.

Anonymous

October 23, 2017

Permalink

NoScript updated to 5.1.3, then moved it's icon on the right side beside HTTPS EveryWhere. Should I be worried? I'm on Trisquel x86. Thanks and more power!

Anonymous

October 23, 2017

Permalink

Just want to say a very big thankyou for making TBBs and spending lots of time to make it for us [the public] for FREE. My life has changed because of TBB and I thankyou very much for doing it. Even if it is not fast sometime I keep trying because it is FREE and helping many persons around the world. I just make the "new TOR circuit" and everything is okay again. Everyone who complains-please SHUT UP and try to 1st say thankyou and 2nd be good manners. If you have 3rd then please complain nicely so they can help to fix for us, for FREE!!!!

Anonymous

October 23, 2017

Permalink

linux bug : go to a page with several https enforced (look at the number written on the red https symbol) then push the button 'home' (home symbol) or reload and you will see that the number is the same even using 'new identity' or 'new Tor circuit for this site'.
does it mean that it is buggy or you do not leave the page ?
It is reproducible by anybody without skill or background.
i did not try on windows:osx -android.
no-comment.

the icon of https-everywhere becomes 'red' as son as you turn ON this addon : left click
1° enable https-everywhere : check
2° block all unencrypted request : check
now, every 'connection' forced in https is shown on the icon by a number.
you must also set no-script & the security level in tor network settings.

Anonymous

October 23, 2017

Permalink

When one is forced to use Firefox or other browser because TB 7.0.7 doesn't open pages that have been traditionally opened by older versions, we are in serious trouble. It defeats the very purpose of its creation, which is to circumvent surveillance and enhance privacy and anonymity. Take for example Fort Russ (http://fortruss.blogspot.fr/), a Russian news portal. I never had any problems opening it, until TB 7.0.7 arrived, same with many other news sites, e.g., Zero Hedge (http://www.zerohedge.com/), BuzzFeed News (https://www.buzzfeed.com/news), ConsortiumNews (https://consortiumnews.com/), Russia Insider (http://russia-insider.com/en), among others. These are not news sites in North Korea, Iran or Mozambique, or any so-called "axis of evil" countries. I don't understand what is happening, but I find it extremely frustrating not to able to work with TB as I have usually done. Any suggestions? BTW, nothing has changed in my hardware/software, before, during, or after the TB upgrade to 7.0.7.

Solution: Erased old TB 7.0.7 installation, downloaded brand new TB 7.0.7, installed it, voilà!, same old, same old TB, slow as usual, but reliably safe, anonymous and private. Not a panacea for all encountered glitches after the latest upgrade, but I would suggest that anyone with problems, first erase old installation, start with a brand new one, and see what happens before defining there is a glitch. The problem may or may not be in the integration of the new version to the old template.

Anonymous

October 23, 2017

Permalink

Minor file downloading bug in Torbrowser 7.07 and 7.06 on Win7-64 (happened with.pdf files).

If filename is changed as part of the downloading short-cut menu Save File procedure then no file is saved.
No error is shown or any other hint that something is wrong. The lack of file is seen both in Explorer and in the browser's own download tracking page.

If a file is saved without a filename change then the file saves successfully.

Anti-malware SW logs show nothing noted during the times of attempted download.

Thank you.

gk thanks for your response and interest re the file download-rename issue.

It had happened on two different occasions after firing up TBB but then while writing down the steps for you it failed to fail. Will watch for another opportunity. Thank you.

Anonymous

October 23, 2017

Permalink

i read that (and it was confirmed by the dev & users) every tab has a different relay : it is normal for a minimum of 'privacy/security'.
it is not the case with 7.0.7
something is wrong with this version :
- relays are the same (open 4 tab then compare the relays).
- home (Tor page) keeps the settings of https (click on the home icon after your surf : https keeps the number , it is not reset at zero).
it sounds that the team(s) do not work since several months_years on Tor but on another projects which conference (sponsors & for themselves/business).
Tor is still recommended : for how long time ?

https-everywhere on : the number on the icon does not reset.
confirmed : surf opening several page/tab (test 5 different sites e.g) then you can see a number on the https_icon : it is the number of links forced in https.
now, if you push on the button / icon "Home" (you go to the Tor page : default) , the number is the same even if you reload the page.
Home redirect to the Tor page but keeps the old settings/address taken from your last surf (on the icon or in memory ? that's the point !)
you can see that easily if it appears a "+1" on the Tor page yet configured (default) in https !

relays : no problem but the question is relevant , if a malfunction/hack/censure/control happens how could i be informed ? how to be alerted of this behavior ? nothing show us that one opens the same "relays-set" when one surfs !

It is not about the relays on ONE site/page of course.
if the relays are the same on 2 different tab _ at least close one.
In short : the relays must be different , if not ; check "New Identity" or restart Tor.

i wonder if some malfunction are not coming from the usage of firefox-esr & firejail interfering with the use of Tor (i use Tor for onions & surfing but i download with firefox).
2 versions are on linux system : firefox & firefox-esr.

we need more and more relays operators ... and learning to be prudent.

Anonymous

October 23, 2017

Permalink

Try open a site i see a lot of re-routing/relaychanging before site opens. Or site is open and after minutes circits are changing, not on all sites.
Is this normal?

There are complex sites like Google that reroute users over different country domains (like google.ua, google.de etc.) which all cause different circuits to be built as they are bound to the domain you see in the URL bar. Then it can happen that a circuit gets unusable and a new one needs to get built for resources that are refetched from websites. So, this nothing which is unusual.

Anonymous

October 24, 2017

Permalink

Hi,

thanks for Thor, great idea!
But why it is sooo slow? To come to your website took 45 secs. Download a new Tor browser (3.8 MB) took 11 min!
5 KB/s?

Anonymous

October 24, 2017

Permalink

sometimes i get the message 'Secure Connection Failed'.
if i choose 'New Tor Circuit for this Site' tbb tries to open the website with the same circuit.
is this behavior intended?

Anonymous

October 24, 2017

Permalink

This keeps crashing on my Windows 7 laptop. It starts to download a page but then just freezes so totally unusable.Please fix soon.

Anonymous

October 24, 2017

Permalink

Can you update me on this matter. As the law is now. Would you be obligated to provide a backdoor to agencies for TorBrowser, IF they asked you to do it? Is a law like this close to being passed?

Where is Tor organization based? Is it not based in USA? So it would be there the law would have to be. How can you not know about this law? I reading daily about new US laws being passed to allow agencies to have backdoor. Are you not supposed to be the one knowing this?

Well, not everyone working on Tor Browser is based in the US. Especially not those that are doing the releases and making sure the right code gets into the binaries we distribute. So, even if there existed such a law in the US and even if some agency in the US came to the Tor office in the US that does not mean that anything in Tor Browser changes as a result of that. Quite to the contrary.

Anonymous

October 24, 2017

Permalink

Why do you now require javascript activated to place comments on the blog? Pls revert back to old where you could comment without JS

Anonymous

October 25, 2017

Permalink

Dear Tor cooperatives ,
I like to raise an security issue - Tor Browser defends internet traffic analyses but are you aware
of the fact that everything that is being done on a computer is visable through interception of
Van -Eck radiation that can being received over a distance of many miles ?
Writing emails , you name and address , photo's and more , it is al visable .

At youtube it is explained how simple it is to make a device that modulates the Van-Eck radiation - Van Eck , was a Dutch telecommunications engineer -anyone is able to make
a device that modulates Van -Eck radiation and on youtube it is schowed how easy that is.
Local law enforcement units are making use of the Van-Eck radiation to create a database of local computers positions in cooperation with satellites..

Everything that is being done with the Tor-Browser is visable but even when one has no
internetconecction on , the computer screen /monitor stays visable as long the computer is
turned on.

with regards ,

Willem

they do not intercept (no one can do that_if you do that you cut the connection) they listen like 10 000 years ago.
In fact they are the owner of the submarine_cable (uk is a good example).
- on a computer , you cannot know (off) what a user is doing if you are not very near of the keyboard.
- on a computer you cannot know (on) what a user types if it is encrypted.
you are speaking about illegal teams/tools , it is not new but it is used more for on the cellphone/tablet than on the computer/laptop (wifi needs a registered number and a gps activated in most of model_not all).
how many vehicles are in your town ? a gps is included in the motor/electronic component (the same thing is deploying in china) so no, you cannot know where i am located and where i sent my messages if you have not 'an open-door' inside my area/zone/home/pc.
a gap pc is isolated against all emission/radiaton : not at all new.
In fact they ask to the isp and to the neighbor of a suspect then they wait ... a mistake.
i do not think that a team (francfort e.g) is able to uncrypt Tor or a gpg message or a vpn using this 'tip' : this trick is for obtaining a free zone for rescue or in a military zone or listening the space not for "intelligence" even if some tools were & are used for locating, listening,intercepting,controlling cellphone (ireland / uk ).

Anonymous

October 25, 2017

Permalink

Suddenly my torbrowser was closed. Error in terminal (I don't detach from terminal):

./start-tor-browser: line 368: 1619 Segmentation fault TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
[Child 1675] WARNING: pipe error (3): Connection reset by peer: file /home/debian/build/tor-browser/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Child 1675] ###!!! ABORT: Aborting on channel error.: file /home/debian/build/tor-browser/ipc/glue/MessageChannel.cpp, line 2152
[Child 1675] ###!!! ABORT: Aborting on channel error.: file /home/debian/build/tor-browser/ipc/glue/MessageChannel.cpp, line 2152

In dmesg at same time:

Chrome_ChildThr[1679]: segfault at 0 ip 0000564b2ebd5225 sp 00007feca51fe470 error 6 in plugin-container[564b2ebd0000+1b000]

Sorry, I don't know how to make it reproducible, but want you to know it. JS was disabled in about:preferences, slider was at highest security. Dialogs to download files and save them to PC were opened sometimes.

I run my TBB inside PV domU, and this PV domU sometimes hang with kernel error. I think it is some known domU problem which is fixed in later Xen versions, but my Debian release doesn't backport them. Sometimes torbrowser even cannot start, and I need to restart my VM or particular device. It happens not so often, but I notice it sometimes.

The second possible source of problems is that I made my /etc/machine-id empty. Normally torbrowser writes warning about it, but works without any problem. However, I cannot exclude that this bug is triggered by this thing.

So, if the bug is not triggered by these 2 aforementioned problems, then it is in the firefox itself. My 10+ years of experience with Mozilla firefox and torbrowser tells my that ALL versions of browser in some cases crashed. So, all of them had some 0days, and I think many of them were not discovered yet. Btw, this is the reason to work inside VM only.

Anonymous

November 03, 2017

Permalink

Why youtube can still display correctly sometime (twice in the past month) ? I thought it should only show a blank page when security bar is set to high, after their 'important' upgrade.

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

2 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.