New Release: Tor Browser 7.5.6

Tor Browser 7.5.6 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 7.5.6 updates Firefox to 52.9.0esr and includes newer versions of NoScript and HTTPS Everywhere. Moreover, we added the latest Tor stable version,

This Tor Browser version additionally contains a number of backported patches from the alpha, most notably the feature to treat cookies set by .onion domain as secure as well.

For Windows users we activated an option that prevents an accidental proxy bypass when dealing with UNC paths.

The full changelog since Tor Browser 7.5.5 is:

  • All platforms
    • Update Firefox to 52.9.0esr
    • Update Tor to
    • Update Tor Launcher to
      • Bug 20890: Increase control port connection timeout
    • Update HTTPS Everywhere to 2018.6.21
      • Bug 26451: Prevent HTTPS Everywhere from freezing the browser
    • Update NoScript to
    • Bug 21537: Mark .onion cookies as secure
    • Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
    • Bug 25721: Backport patches from Mozilla's bug 1448771
    • Bug 25147+25458: Sanitize HTML fragments for chrome documents
    • Bug 26221: Backport fix for leak in SHA256 in nsHttpConnectionInfo.cpp
  • Windows
    • Bug 26424: Disable UNC paths to prevent possible proxy bypasses

June 26, 2018


Thank you for your courageous work! Keeping up a close eye on all the Mozilla patches is certainly not easy ^^


June 26, 2018


Does this version will be the last on Win XP platforms?
(as firefox 52.9.0esr will be the last no XP for mozilla)


Yeah XML/XPCOM is such a "smart usable intuitive add-on GUI", reminds me of my WinXP days. C'mon my dawgh Mozilla is waging a full out war on XML since it's old, can be replaced with modern technologies, and is SLOWISH.

agreed. Also, using the NS UI is trickier since i like the temporary js enable setting.
UI access to the other per-site enableable features is interesting, but I usually keep those disabled.

Peak Firefox usability was circa version 3.6
The only necessary addons were noscript and httpseverywhere.
GooglebarLite, searchboxSync. and searchboxWP improved usability.

Since 3.6, I've had to use 2 or 3 addons to fix what mozilla broke or removed.
I also use local proxy filtering, which repairs much bad web authoring, bad headers, etc., making the web pages hugely more usable - or making even web pages just viable as web pages.

of course in TBB, I only tighten up some prefs - I don't install addons or use the proxy.

I feel (possibly inaccurate) pseudo-empathy for security challenges that Tor and Moz devs have to take on.

Mozilla has, unfortunately, become Corporate America ... At least it took more time than it did for a Homebrew Computer Club device to spawn the obscenity Apple.
Am I supposed to trash my wonderful 80486-based IBM Thinkpad, still running XP really strong and replace it with what? Difficult-to-build-and-maintain LINUX or the pathetic Win-Turn Your Computer into a Glass TTY-10 and place my trust in the clouds, oh those beautiful, more easily cracked than TSS/8 clo, timeshare systems running on computers we have no control over, cannot identify, and need to use Tor for talking to.

On a completely different (except for wormy Apple) is the ToB "onion" browser, offered up by the Apple Store a REAL relative, or just another malware construct?


June 26, 2018


Many thanks as always for the great work done by the Tor devs and colleagues!! Praise well earned deserves to be repeated frequently, so please accept this sincere tribute offered once again. :)


June 26, 2018


Just updated Tor Browser, and it shows the following error when opening the link from "visit our website" link, or from the location bar:

"The page isn’t redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies."


June 26, 2018


The URL for the Update that's given on your Web site works, but the one shown in TorBrowser's Update window (before updating) as well as on the first run tab detailing the latest changes (after updating) (without the final hyphen) fails with "The page isn’t redirecting properly" and "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."


June 27, 2018


can't dl tbb from
clicking the button to… and "failed" in the Download tab, retry doesn't help and
14:32:33.303 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: onfocusin attribute on DIV element. 1 download-easy.html
14:38:04.524 Strict-Transport-Security: The site specified a header that could not be parsed successfully. 1 torbrowser-install-7.5.6_en-US.exe


June 27, 2018


Updates , updates ... will a time come when "stuff" just work and don't
need to be "updated" not talking about Tor specifically but come on
is the "internet" that dynamic or softwares so "soft" that they need repair
every 2 or 3 weeks.
Give me a break and please keep on rocking Tor.

> Updates , updates ... will a time come when "stuff" just work and don't need to be "updated" not talking about Tor specifically but come on is the "internet" that dynamic or softwares so "soft" that they need repair every 2 or 3 weeks.

Those "repairs" are keeping you (and all of us) safe(r).

Insecurity is built so deeply into every aspect of the Internet as we know it that a hoary but unfortunately perfectly valid maxim holds that "convenience is the enemy of security". It's horrible, and possibly true only because DARPA wanted it to be true right from the beginning (see Yasha Levine's book for how dragnet surveillance was generally agreed to be a major goal of ARPANET when that was first introduced).

Many people love vehicular analogies, so here is a vehicular analogy:
Driverless cars offer new forms of control — no wonder governments are keen
The surveillance aspects of driverless cars are a big reason why
Neil McBride
27 Jun 2018

> There’s a reason why governments are so keen on driverless cars – and it’s not just because of the potential economic benefits. They offer the chance for even greater tracking and even control of citizens’ every move. Far from setting us free, driverless cars threaten to help enable new forms of surveillance and oppression.

Question for gk:

From the PKI cert I see when I connect to

CN = Let's Encrypt Authority X3
O = Let's Encrypt
C = US
Subject Name:
CN =
Subject Alt Name:
DNS Name:
DNS Name:
DNS Name:
DNS Name:
DNS Name:

Other users have verified these odd features.

So the cert which "authenticates" this blog does not authenticate that concent (e.g. posts) have not been altered since leaving TP control, but only that they have not been altered since leaving (whatever that is), yes?

If is gifted with an NSL accompanied by a gag order, TP's CEO and GC will never know, yes?

The nexus with AFCSME is worrisome because of reports about a concerted effort backed by the Walton and Koch families to break that union, together with the landmark SCOTUS decision issued yesterday:
Supreme Court Ruling Delivers a Sharp Blow to Labor Unions
Adam Liptak
27 Jun 2018

> Janus v. AFSCME (American Federation of State, County and Municipal Employees), No. 16-1466, was brought by Mark Janus, a child support specialist who works for the state government in Illinois.

Other certificates from news sites and other NGOs all seem to actually be owned by the site owner, with one exception: has the same worrisome features.

It seems to me that using this kind of cert is tantamount to inviting bad trouble from the USG. Can TP obtain a cert which fufills the implied promise to authenticates that the content we see is under TP control and not " (whoever that is)?

To make matters worse, forensicon is a digital investigations company. Perhaps they own the pantheon site?


> Not sure. Could you give us steps for reproducing your problem? On which platform does this happen? How are you trying to save images? Example link?

> Could you be a bit more explicit about what exactly you are doing and what is not working for you anymore?

Using 64bit Win7 Enterprise

Every website I go to in Tor, whether i right-click to save an image or open the image in its own window and save, it will not save unless i save it to my local drive. Image format makes no difference. Multiple websites make no difference. If I choose to save on a network, everything happens as thought it worked but nothing is saved.

Tried the 8.0a9 alpha version and that does work. The version previous to 7.5.6 also worked but this one does not.


June 28, 2018


Any chance of getting a 52ESR Windows 64 bit build? I'm not comfortable updating to FF60 for many reasons. Now I need to choose between staying on 8.0a8 or switching to 7.5.6 32 bit build

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our ​support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

11 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.