New Release: Tor Browser 8.0.7

by boklm | March 19, 2019

Tor Browser 8.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This new release updates Firefox to 60.6.0esr and Tor to the latest stable version, 0.3.5.8. Moreover, it makes Tor Browser more interoperable with NoScript by telling it that it is running in a Tor Browser context.

The full changelog since Tor Browser 8.0.6 is:

  • All platforms
    • Update Firefox to 60.6.0esr
    • Update Tor to 0.3.5.8
      • Bug 29660: XMPP can not connect to SOCKS5 anymore
    • Update Torbutton to 2.0.11
      • Bug 29021: Tell NoScript it is running within Tor Browser
  • Windows
  • Linux
    • Bug 27531: Add separate LD_LIBRARY_PATH for fteproxy

Comments

Please note that the comment area below has been archived.

There is even 10.2.3 out meanwhile. We are not there yet to disable NoScript auto updates and inspect the code changes for each update and only ship updates we carefully checked. Thus, updating within Tor Browser is the best thing you can do meanwhile.

that ticket was CLOSED with a resolution that it will NOT be fixed because if you're messing around in the advanced settings you should obviously know what you're doing, especially after accepting an original warning from about:config. there's no reason to focus on a change that only tells people that they should know what they're doing a second time, only for them to acknowledge their competence (or stupidity) additional times.

March 19, 2019

Permalink

Is anybody else having difficulty using DuckDuckGo with the upgrade? It is no longer working on each of my Mac's after the upgrade.

I have issues with DDG-search too, but it is not related to TBB807 probably.
The situation with DDG is the following: you trying to search but yours search-query (even simplest) tooks long time and some time later TBB just stops with empty page (page never was loaded; did not do web-debugging or network-console observations). Also it is possible to click "Reload" TBB-button and search-query will resend data to DDG (AFAIR onion and clear-seits - no difference).

Currently - DDG works much more better and stable that lats say 1 month ago.
I believe it is (or was) something wrong with DDG-site (and its onion as well).

I'm a Vietnam veteran with three Bronze Stars.

Yet I refuse to use any search engines, "including Duck Duck Go" that are located in The USA.
Since Mr. Edward Snowden outed NSA etc I have little to zero trust in any of them in our country.
I exclusively use "www.startpage.com." Been using it since long before they changed the name to Startpage.com.
I fear for this once great country. I fear the Democrats will get their way and criminalize gun ownership and will also remove the electoral College thus rushing us into the horrible form of government so many have already been convinced we are, "A DEMOCRACY!" AKA "MOB RULE," A guaranteed rush to Socialism with the likes of Cortez, ORourk etc. I want to be wrong but I think we are now on a irreversible path to be the next Venezuela.
Just thought I'd let you know my feelings about Duck Duck go. Startpage.com is my browser home page.

March 19, 2019

Permalink

Keep getting "NoScript XSS Warning" when searching using DuckDuckGo (clear / onion service), StartPage and Disconnect. Only happens when Tor Browser Security Settings are in Standard and Safer. I'm using Trisquel 7 Belenos x86.

March 20, 2019

In reply to gk

Permalink

Whatever 8.0.7 came with. But looks like it's already fixed after the 10.2.3 update. Thanks and more power!

March 20, 2019

Permalink

Since this update i cannot connect anymore to the TOR Network. Also tried over VPN to exclude provider problems - No way to connect:

3/20/19, 17:46:12.321 [NOTICE] Opening Socks listener on 127.0.0.1:9150
3/20/19, 17:46:12.321 [NOTICE] Opened Socks listener on 127.0.0.1:9150
3/20/19, 17:46:12.321 [NOTICE] Bootstrapped 5%: Connecting to directory server
3/20/19, 17:46:20.276 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 10; recommendation warn; host 2F09BD6D9A2D5A7D6D26C17651CE8ECF0B7BA257 at 217.182.198.95:443)
3/20/19, 17:46:20.276 [WARN] 9 connections have failed:
3/20/19, 17:46:20.276 [WARN] 9 connections died in state connect()ing with SSL state (No SSL object)

March 20, 2019

Permalink

Hallo Torproject,
with new(er) TBB i CAN'T BLOCK nonSSL/nonTLS?
Thats really ....undesirable! Can you fix this failure?
EASE in HTTPSEverywhere isn't blocking unencrypted data reliable.
I wan't e.g. fetch email and can't block mixed (un)encrypted. ......What?

March 21, 2019

Permalink

Something is wrong with the new update, v8.0.7. All tabs/website are using the exact same circuit order & even the exact same server IP. Then there's an, --unknown--, listed in the fourth place.

Lets say I have 4 different website open (website1.com, website2.net, website3.org, website4.gov), but all 4 tabs will display the exact same circuit:

+This Browser
|
+Country/IP 1 Guard
|
+Country/IP 2
|
+Country/IP 3
|
+--unknown--

This behavior is the same no matter how many different websites I connect to/tabs I open, they all use the exact same circuit.

I thought each open tab usually created a new circuit, which would be different from the other currently open tabs. At least this was the behavior as recently as version 8.0.6. Just what is going on here?

A clean install has restored the default behavior, of creating new circuits for each tab. But now I've lost access to all my bookmarks, customized settings, themes, even extensions & extension data. These were accumulated all through the years, from back when I first started using TOR, around 2010/2011!

I guess the update from 8.0.6 to 8.0.7 triggered some kind of bug in the code/settings for new circuit generation for each new tab.

They are still at your old location and you can export them like exporting bookmarks from your regular Firefox and import them into Tor Browser.

Looking at the changelog from 8.0.6 to 8.0.7 I am not sure which change could have caused this, especially as your report is the only one about this issue we got so far. So, one way to figure this out could be for you to reinstall 8.0.6 at some place and do the update again and see whether you got the same behavior (see: https://archive.torproject.org/tor-package-archive/torbrowser/8.0.6/).

March 21, 2019

Permalink

Hallo,
Schade, dass Ihre Browser nicht für Windows-Server 2003, 2008, 2012 und 2016 geeingen ist..
Man mus wieter Google benutzen.
Grüße
W. Łastowiecki

Łastowiecki Wojciech (not verified) said: March 21, 2019
Hello,
A pity that your browsers are not for,
Windows Server 2003, 2008, 2012 and 2016 is ..
You have to use Google.
greetings
W. Łastowiecki