New Release: Tor Browser 7.5.6
This release features important security updates to Firefox.
Tor Browser 7.5.6 updates Firefox to 52.9.0esr and includes newer versions of NoScript and HTTPS Everywhere. Moreover, we added the latest Tor stable version, 0.3.3.7.
This Tor Browser version additionally contains a number of backported patches from the alpha, most notably the feature to treat cookies set by .onion domain as secure as well.
For Windows users we activated an option that prevents an accidental proxy bypass when dealing with UNC paths.
The full changelog since Tor Browser 7.5.5 is:
- All platforms
- Update Firefox to 52.9.0esr
- Update Tor to 0.3.3.7
- Update Tor Launcher to 0.2.14.5
- Bug 20890: Increase control port connection timeout
- Update HTTPS Everywhere to 2018.6.21
- Bug 26451: Prevent HTTPS Everywhere from freezing the browser
- Update NoScript to 220.127.116.11
- Bug 21537: Mark .onion cookies as secure
- Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
- Bug 25721: Backport patches from Mozilla's bug 1448771
- Bug 25147+25458: Sanitize HTML fragments for chrome documents
- Bug 26221: Backport fix for leak in SHA256 in nsHttpConnectionInfo.cpp
- Bug 26424: Disable UNC paths to prevent possible proxy bypasses
FWIW, I experienced no problems with verifying the detached sig or running TB 7.5.6.
Thanks to everyone at TP for all your hard work, and please do not fail to disobey any gag orders accompanying an NSL handed to TP! We need that kind of protection too...