Tor Browser 7.5a7 is released

Note: Tor Browser 7.5a7 is a security bugfix release in the alpha channel for macOS and Linux users only. Users of the alpha channel on Windows are not affected and stay on Tor Browser 7.5a6.

Tor Browser 7.5a7 is now available for our macOS and Linux users from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

The bug got reported to us on Thursday, October 26, by Filippo Cavallarin. We created a workaround with the help of Mozilla engineers on the next day which, alas, fixed the leak only partially. We developed an additional fix on Tuesday, October 31, plugging all known holes. We are not aware of this vulnerability being exploited in the wild. Thanks to everyone who helped during this process!

Known issues: The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.

Here is the full changelog since 7.5a6:

  • OS X
    • Bug 24052: Streamline handling of file:// resources
  • Linux
    • Bug 24052: Streamline handling of file:// resources
khled.8@hotmai.com

November 04, 2017

Permalink

whats with the:

Changelog:
Tor Browser 7.5a7 -- November 6 2017
* OS X
* Bug 24052: Streamline handling of file:// resources
* Linux
* Bug 24052: Streamline handling of file:// resources

This is November 4th, even with the international date line it doesn't work.

The process to prepare a new release takes a few days, but the Changelog is written when we start the build so we have to guess when everything will be ready for publishing, and this time we were faster than we planned.

khled.8@hotmai.com

November 05, 2017

Permalink

oooo

khled.8@hotmai.com

November 05, 2017

Permalink

Really proud that you thought about us, alpha users, thanks tor browser team :D

khled.8@hotmai.com

November 06, 2017

Permalink

Friends, do this bug affect Firefox Portable when configured with Tor expert bundle and running inside Windows?

khled.8@hotmai.com

November 07, 2017

Permalink

What happens when Entry guard or Middle relay is trying to control, to decide which following relay it will allow?

Хек

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our ​support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

8 + 12 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.