Tor Browser 7.0.11 is released

Tor Browser 7.0.11 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox and fixes vulnerabilities in Tor. All users are encouraged to update as soon as possible.

This release updates Firefox to version 52.5.2esr and Tor to version 0.3.1.9. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship.

The full changelog since Tor Browser 7.0.10 is:

  • All Platforms
    • Update Firefox to 52.5.2esr
    • Update Tor to 0.3.1.9
    • Update HTTPS-Everywhere to 2017.12.6
    • Update NoScript to 5.1.8.1
Anonymous

December 13, 2017

Permalink

You loosers still haven't fuxed this yet??? #sad

Tor Browser 7.0.11 ships with addons.mozilla.com and testpilot.firefox.com allowed to install add-ons!!!

Worse, this is hidden in Preferences>Security>Exceptions which is not accessible unless user knows how to activate menu bar.

After disallowing those sites, they are re-enabled on restart!!

Tor Browser Bundle is SPYWARE!!!!

Thank you, I just checked and you are correct. This is a serious security issue. Always these problems with browsers built by companies allied to or working with the security agencies. People have said before TOR should be built from scratch not using anything from those in the pocket of the security agencies. Now developers how about an answer of how to get rid of this testpilot as it is not in about:config and you have to remove it every time the browser is started.

>What exactly is the issue?
See the post above by Donald T. Rump… (not verified)
Go to the options settings- privacy-exceptions and you will see that the sites if deleted regenerate when the browser is restarted. This version seems so buggy it should not have been release without more trials.

Load about:preferences#security and click on the "Exceptions" button next to the line "Warn me when sites try to install add-ons". A window with title "Allowed Sites - Add-ons Installation" pops up, with <a href="https://addons.mozilla.org>[/geshifilter-code" rel="nofollow">https://addons.mozilla.org>[/geshifilter-code</a>] and [geshifilter-code]<a href="https://testpilot.firefox.com[/geshifilter-code" rel="nofollow">https://testpilot.firefox.com[/geshifilter-code</a>] listed as sites that are allowed to install add-ons.  Clicking "Remove all Sites" and "Save Changes" removes the entries only for the current session - the sites are whitelisted again after the next browser start!  Apparently, there is no [geshifilter-code]about:config preference controlling the whitelist.

Thanks. That behavior might be due to Tor Browser being in Private Browsing Mode (PBM) and your choice is not saved to disk. Does that change if you get out of PBM on about:preferences#privacy?

That said I guess there is no reason to allow testpilot.firefox.com to be on the whitelist in the first place? I've opened https://trac.torproject.org/projects/tor/ticket/24655. However, we do get NoScript updates via addons.mozilla.org, thus it seems to me we can't remove this by default.

Anonymous

December 14, 2017

Permalink

More and more of the places I connect to use the Fortinet Firewall and webfiltering services. Some even block getting to the Tor Project website, but most prevent the Tor Browser from connecting to the Internet. I have tried the various bridges and still getting blocked.

any tricks?

Anonymous

December 14, 2017

Permalink

old problem back again. Since installing the update to 7.0.10 I am getting an error on some sites 'cannot establish a secure connection as your computer clock is incorrect'. I remember a year or so ago that I was getting that error message. My computer clock is correct so what is it that TOR wants?

Anonymous

December 14, 2017

Permalink

I noticed that the first jump node is static. No matter how many times I request new tor circuits the IP address for the first jump does not change. What gives? Seems to me that this is a security issue since that node can easily be compromised if it predictably stays the same for a given user.

Anonymous

December 14, 2017

Permalink

Just updated Tor browser and now the first jump IP address is static. It will not change no matter how many times I request new identity or request new tor circuits. This seems to be a serious security flaw that allows predictability to occur. If my connections always go through the same node, that node can be compromised and information obtained.

Anonymous

December 14, 2017

Permalink

Is it correct that the Tor Browser bundle 7.0.11 for Windows x32 is signed with the key
RSA 0xC3C07136?
If so why is it not signed with the more trusted Tor Browser Developers signing key 0x93298290?

Anonymous

December 14, 2017

Permalink

What ever you changed, it is not working properly. Tor starts up and states it is not properly configured on your own website more then half the time it starts up. The tor relays on first jump are now fixed and stay the same no matter how many times you request a change in circuits. It seems to me this is unsafe in it's current form. It is not just my computer. I've tried 7.0.10 on various computers with no issues. Of course you force update your newest version despite me not wanting to update to the new version. You guys are not making TBB user friendly or safe by default. Starting to wonder if you are truly interested in safety/security for your users.

The guard nodes are indeed fixed and this is a security feature. You might want to read up on that: https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/S…. And, no, we are not force-updating anyone. You can disable the auto-update. Could you explain what you mean with "Tor starts up and states it is not properly configured"? What are you doing and what is happening?

Anonymous

December 14, 2017

Permalink

Since version 7.07, I have complained that my Zonealarm firewall reports that Tor Browser is trying to access explorer.exe. This suspicious behavior continues in version 7.11.

This is a behavior I did not notice before version 7.07.

When Tor Browser starts up, I get one warning from ZoneAlarm, and deny permission. Then it immediately does it again, and I deny it permission again. I select the check box for the denial of permission to be remembered, but ZoneAlarm never remembers the denial.

I have downloaded and re-installed multiple times, and have verified the downloads with both sha256checksum and gpg.

Will there ever be any explanation of this suspicious behavior?

As stated, I believe it started in version 7.07
I know it has continued in every version since, even with multiple clean installs.

I am running it in Windows 7 Pro, 64-bit with the ZoneAlarm firewall.

Seems like, aside from the two access attempts at startup that always occur, it also does it when I begin to type something into the address bar. Make me wonder if there is some kind of key logging activity going on.

Should Tor Browser be accessing explorer.exe at all?

Could you find out the exact version following the link I gave you above? Otherwise it is hard for us to work on a fix for your issue (assuming it's possible for us at all).

Not sure about accessing explorer.exe. I'd say Tor Browser has not business accessing it but without understanding what is going on it's hard to tell.

Anonymous

December 14, 2017

Permalink

HELLO, BEEN A WHILE, GLAD TO SEE THERE ARE STILL SOME CHALLENGES , like my caps lock getting stuck, thank you all for putting tor together, I'm to much a novice to accomplish such a thing, Merry Christmas everyone.

Anonymous

December 15, 2017

Permalink

Whle using the web site https://ipleak.net/ I noticed that torbrowser fails to connect to the web site quite a lot. the web site is rarely able to identify the Torbrowser DNS servers does this sound normal?

Anonymous

December 15, 2017

Permalink

TorBrowser\Browser\AccessibleMarshall.dll gets auto blocked and flagged as potentially harmful file by F-Secure SAFE anti virus. This is the first version it has flagged it.

Anonymous

December 15, 2017

Permalink

Using linux, my browser updated automatically to 7.0.11

Problems:

1: I had turned automatic updates off but the update happened anyway

2: All browser preferences and plugin preferences were reset without any warning, which is highly problematic especially if you are browsing the web falsely thinking scripts are disabled

Also, as mentioned by others here, the NoScript icon jumped to the right side of the window.

When did you turn automatic updates off? And how did you do that? As to the preferences reset: Tor Browser is not doing that. It does not touch your profile directory where those preferences are stored (with the exception of extension updates). How did you install Tor Browser on your computer?

I installed Tor Browser by downloading and extracting the tarball from the tor project site. The signature was valid. I turned off automatic updates weeks ago via the update tab in about:preferences (and if I then go to about:config I can see that app.update.auto is set to false).

I dug around and found the file "last-update.log" which tells me a replace request was performed. The entire "Browser" directory appears to have been replaced. Is this normal?

Anonymous

December 17, 2017

Permalink

Worst version for years, full of glitches which admin are either not giving complete replies to or they are not even posting some peoples replies. I have nearly all the problems reported in this list and 103+ messages shows there are real problems.

Got a friend who also says he posted and it did not show up. Which department of the NSA wrote the code for this version?.

Anonymous

December 17, 2017

Permalink

hello im on Firefox tor says everything is safe now ,so can brows like hidden wiki with my id info and location safely,newbee

Anonymous

December 20, 2017

Permalink

Torbutton showed one relay in the circuit as "Unknown country (IP unknown)".
Is it possible to block these in torrc?

Anonymous

December 23, 2017

Permalink

For what it's worth, TB 7.0.11 is working fine for me on a laptop and a PC. (I downloaded and verified the tarball, so I didn't experience an auto-update, which may partially explain my happier experience that some users report.)

Anonymous

December 26, 2017

Permalink

Tor Browser 7.0.11, windows
any time using Twitter, after loading the page, it reloads the page in the mobile version.

Anonymous

December 26, 2017

Permalink

when you un script block this site, it says it is offline. Never seen this behavior before in any browser.

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

1 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.