Tor Browser 7.0.10 is released

Tor Browser 7.0.10 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to version 52.5.0esr and Tor to version version 0.3.1.8, the second stable release in the 0.3.1 series. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship. For Windows users we backported patches from the alpha series that update the msvcr100.dll runtime library we include and which should make Tor Browser more robust against crashes due to misbehvaing third party software.

The full changelog since Tor Browser 7.0.9 (7.0.8 for Windows) is:

  • All Platforms
    • Update Firefox to 52.5.0esr
    • Update Tor to 0.3.1.8
    • Update Torbutton to 1.9.7.10
      • Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.30
      • Bug 24178: Use make.sh for building HTTPS-Everywhere
    • Update NoScript to 5.1.5
      • Bug 23968: NoScript icon jumps to the right after update
  • Windows
    • Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
    • Bug 23396: Update the msvcr100.dll we ship
    • Bug 24052: Block file:// redirects early
Anonymous

November 14, 2017

Permalink

NoScript is still on the right after this update. Should I be worried that I have a different fingerprint than the others? I'm on Trisquel x86 BTW...

Yes, It was already there before the update. I installed a new one and NoScript still moved to the right after relaunching (Ctrl+Shift+U) it today. However I got a "yes" result in "Does your browser protect from fingerprinting?" after testing it with EFF's Panopticlick, so I guess it should be fine.

Anonymous

November 14, 2017

Permalink

Very Thanks to all who work on This Tor this Program is for Save the Internet and Keep The World Clean from Hacking and Profit

My best Regards on you

Anonymous

November 14, 2017

Permalink

New user and want to donate . this network fills secure .Which is the best way?

Anonymous

November 14, 2017

Permalink

please update

Bug 23997: Add link to Tor Browser manual for kw, om

Anonymous

November 15, 2017

Permalink

Beautiful work devs!

Pretty please can we get level 3 content sandboxing in FF 57 patched to work with Linux Tor Browser? :-)

January 23rd the Firefox 59 beta drops, which will be the basis for ESR 59 in March. Mark your calendar as it ought to be the best time to prepare for the first TBB based on this ESR.

Anonymous

November 15, 2017

Permalink

09:15:43.600 DOMException [InvalidStateError: "A mutation operation was attempted on a database that did not allow mutations."
code: 11
nsresult: 0x80660006
location: resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/async-storage.js:80] 1 Promise-backend.js:935

Anonymous

November 15, 2017

Permalink

lot of Updates! on and on and on! when reaches to its end? Terrorists and suicide bombers, mass shooters etc, doing freely, but internet users are not free! why internet users are under intense surveillance, but Terrorists acting freely?
How one could be sure about theses ridiculous Zeros and Ones which come and get out of PC's, not to be seen by third parties, adversaries, terrorist regimes installed by U.S.A,?
just some ridiculous Green lock or some jumping relays, could prevent third parties watch our communications?
who don't know that every signal on all over the planet Earth are traceable, view-able and decodable, by surveillance centers? just an easy Dos command like "netstat/n" can show you after running the Tor browser, other creepy connections get you in touch and exploit your data stream!
watch out Tor users, there's no lock in all the world that could not have got a correct key.

you are misinformed :
- internet users will be free when isp & free-lance actors (often illegally) will pay their activities done against the users : the contract between a client and a service is not at all in favor of the client (the users) ; it is a commercial matter not a politic one.
- a terrorist regime is a rogue-state like france e.g , in a true democracy/republic it can't happen & usa does not install it (imo).
- most of signals are encrypted and not traceable , it is not because you 'see' that you 'know' (imo).
The danger is not (in my own opinion) about Tor or Tor network.
It should be far better if encryption was legalized as a fundamental right and if our lives were respected as our own propriety : it is a matter of force/will of a whole people/region not a police one.

Anonymous

November 15, 2017

Permalink

i strongly disagree with your self-satisfaction :
- security.enable_tls
- network.IDN_show_punycode
- security.ssl3
and why do you not implement a Calomel-add-on version (it does not connect at the network_passive addon : privacy respected) ?
i need a secure Tor Browser not a windows_cop_toy !

Tor is not a secure browser but a government/google compliant.
This has been answered in this ticket : firefox is poorly secured ...
The Users need a secure browser not a jc jones for guru.
This has been written in this ticket: https://trac.torproject.org/projects/tor/ticket/24239

Every one does now know that clearly , Tor & firefox & https (gmail&google !!!) are not on the line they claim ; they are running like an electric car , just following the same rules, the same roads, it sounds like anonymous means in your mind/brain 'without identity/personality walking slowly blind & deaf until the retreat : the maffia blues.
If you have built just a foss version of internet explorer (microsoft innovation = google = Tor Browser) it is a big misunderstood !
The users of the net do not need & want that & you still wonder why so few people are using Tor ?
my firefox is less anonymous and i can't access to the onions but it is more secure and Onions are useless if it is an open door and it is a big & large window that you open without securing better Tor.
Tor is not built privacy & security in mind : it is a false assertion, a lie ; it is just a microsoft joint-venture with free software foundation : hypocrite.

The time has changed !
Your 'template' https://www.torproject.org/projects/torbrowser/design/ (design document written for the version 6.1) is your project but we need something else & better now.
Before it was a new idea re-appropriating a free space , now we want move together with trust in mind , and tomorrow it will be different.

I suppose you hide the users behind 30 millions of civil servant (gov compliant etc.) & behind a professional-commercial flux (google_microsoft_gmail etc.) but you provide a link which said "des is secure (& rc4 too !)" because it is a govt demand ... so your idea of legality means a deal like a secret shared between a state and a personal opinion : both are the same person involved in an imaginary and a very small world : a retarded dream without autonomy (who was the ideal/model user ?).

I admit that your client are your sponsors and follow the u.s request but in this case, it is for them only : a reserved-private tool which the term 'privacy' implies your own concept & their will.
It is not exportable and not an universal translation of a genuine right.
So your presentation [The Tor Project is a US 501 non-profit dedicated to the research, development, and education of online anonymity and privacy & You are now free to browse the Internet anonymously] is an intellectual lie , a dishonest assertion in every word & comma.

I should add that you act with bad faith : you are not behind mozilla you are in front of it as soon as you run tor.
You cannot offer better than mozilla if you do not first built yours then add your tor config : you did not , you take it as a source without accepting the idea to first harden yours and you are wrong : the sites - even the most obscure, old, reticent - must update their configuration to enter in the xxi century or must be avoided (https is one example, cypher is another one ...). I, i should not be confidence in my army; police force or another public service -elective dpt e.g- and unknown friends or enemies if the contact (surfing is one example, emailing is another one...) was not secure and anonymous.

It is not an angry, geek, absurd, paranoid feeling. It is just a minimum to be safe ; a secure Tor Browser not a cop_toy.

It is obvious, clear and sane : Tor Browser is not built privacy/security in mind ... just a cheat code, a proof of concept for the fun ... and does not provide the anonymity level that they claim.

The critic make sense in a general way on the attitude of mozilla.

They (mozilla) are marketing a privacy imago while they do not really make a real effort to work on it.
They publish reports on privacy, they support Tor and Tails which is all nice but these are big company tactics of walking to different roads. The marketing road for public association for the brand and the quite separate road for their own products.

Why deliver a browser with privacy options that are deactivated when you install it?
They know most users are installing products and go along without making a study of all the settings.

Why making the preferences panel 'easier' but actually hiding options so people have to work on a complete lost of about config settings to make this browser shut up and work?

But the best illustration is on their mobile products.
Now tell me, if you really are a privacy minded company, why the X are you releasing two versions of your mobile browser, a non privacy minded browser and a 'special' browser that has privacy options?

Why were they keeping up the system requirements higher (smaller market segment) for the privacy minded browser?
Why is there a huge difference between onion browser system requirements (systems req. lower is a broader market is better for more users) and the so called special privacy browser from firefox?
The standard browser on mobile is already for years a total anti privacy minded browser.

The desktop browser version of mozilla is for years a total pain in the privacy head because after every release on has to make a study of what they secretly changed, removed, added that might affect your privacy and make you work on the about:config again.
This is not a problem for users but also for developers, big privacy bugs in Torbrowser because at mozilla side they added something fancy again.

So, yes, in a way that poster has a point on attitude which is also illustrated here.
https://bugzilla.mozilla.org/show_bug.cgi?id=1408647

Question to Torproject, are you going to follow Mozilla ignoring policies or really protect your Torbrowser users by reconsidering the Certificate Authority section.
You should because it is better to be safe that sorry afterwards and it is total madness to ignore loud signals of reality. Especially when you do not have to search for them but getting them as feedback.

Nobody asks you to bite in the hand that is feeding you.
But since Torbrowser is already a modification of the mozilla browser it should not be a problem to defend your users for the ignoring policies and mistakes your feeder is making.

Be convincing in your decisions when people are concerned and act to it because, many countries are trying to control the internet by themselves or by cooperating together.
Therefore it should be better that the Tornetwork is not only hosted in the western 5-19 eyes world and you really should look over and over again to what you trust in your browser.

To me that is the implicit message in the posting of the other person writing.

Anonymous

November 15, 2017

Permalink

I think I must have a counterfeit download... my "HTTPS Everywhere" extension says it is from "eff.software.projects@gmail.com" which is obviously not legit (if it was really from EFF I'm sure they would use an eff.org email address). Please advise.

Anonymous

November 15, 2017

Permalink

Is this ok or suspect?

15/11/2017 12:40:22.100 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
15/11/2017 12:40:22.100 [NOTICE] Opening Socks listener on 127.0.0.1:9150
15/11/2017 12:40:23.000 [NOTICE] Bootstrapped 80%: Connecting to the Tor network
15/11/2017 12:40:23.800 [NOTICE] Bootstrapped 85%: Finishing handshake with first hop
15/11/2017 12:40:23.800 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure")
15/11/2017 12:40:24.400 [NOTICE] Bootstrapped 90%: Establishing a Tor circuit
15/11/2017 12:40:24.500 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure")
15/11/2017 12:40:24.500 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure")
15/11/2017 12:40:24.600 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure")
15/11/2017 12:40:24.600 [NOTICE] new bridge descriptor 'griinchux' (fresh): $011F2599C0E9B27EE74B353155E244813763C3E5~griinchux at 85.31.186.98
15/11/2017 12:40:24.600 [NOTICE] new bridge descriptor 'zipfelmuetze' (fresh): $91A6354697E6B02A386312F68D82CF86824D3606~zipfelmuetze at 85.31.186.26
15/11/2017 12:40:24.700 [NOTICE] Bridge 'NX01' has both an IPv4 and an IPv6 address. Will prefer using its IPv4 address (85.17.30.79:443) based on the configured Bridge address.
15/11/2017 12:40:24.700 [NOTICE] new bridge descriptor 'NX01' (fresh): $FC259A04A328A07FED1413E9FC6526530D9FD87A~NX01 at 85.17.30.79
15/11/2017 12:40:24.800 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure")
15/11/2017 12:40:25.000 [NOTICE] new bridge descriptor 'cymrubridge31' (fresh): $C8CBDB2464FC9804A69531437BCF2BE31FDD2EE4~cymrubridge31 at 38.229.1.78
15/11/2017 12:40:25.100 [NOTICE] new bridge descriptor 'ndnop5' (fresh): $BBB28DF0F201E706BE564EFE690FE9577DD8386D~ndnop5 at 109.105.109.147
15/11/2017 12:40:25.100 [NOTICE] new bridge descriptor 'LeifEricson' (fresh): $A09D536DD1752D542E1FBB3C9CE4449D51298239~LeifEricson at 83.212.101.3
15/11/2017 12:40:25.200 [NOTICE] new bridge descriptor 'ndnop3' (fresh): $8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E~ndnop3 at 109.105.109.165
15/11/2017 12:40:25.300 [NOTICE] Tor has successfully opened a circuit. Looks like client functionality is working.
15/11/2017 12:40:25.300 [NOTICE] Bootstrapped 100%: Done
15/11/2017 12:40:25.300 [NOTICE] new bridge descriptor 'cymrubridge33' (fresh): $0BAC39417268B96B9F514E7F63FA6FBA1A788955~cymrubridge33 at 38.229.33.83
15/11/2017 12:40:26.000 [NOTICE] new bridge descriptor 'frosty' (fresh): $88CD36D45A35271963EF82E511C8827A24730913~frosty at 37.218.240.34
15/11/2017 12:40:26.300 [NOTICE] new bridge descriptor 'dragon' (fresh): $D9A82D2F9C2F65A18407B1D2B764F130847F8B5D~dragon at 37.218.245.14
15/11/2017 12:40:26.500 [NOTICE] New control connection opened from 127.0.0.1.
15/11/2017 12:40:26.600 [NOTICE] New control connection opened from 127.0.0.1.
15/11/2017 12:42:31.100 [WARN] Proxy Client: unable to connect to 154.35.22.12:4304 ("general SOCKS server failure")
15/11/2017 12:42:31.100 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure")
15/11/2017 12:42:31.100 [WARN] Proxy Client: unable to connect to 154.35.22.9:80 ("general SOCKS server failure")
15/11/2017 12:42:31.100 [WARN] Proxy Client: unable to connect to 154.35.22.10:80 ("general SOCKS server failure")
15/11/2017 12:42:31.100 [WARN] Proxy Client: unable to connect to 154.35.22.11:80 ("general SOCKS server failure")

Thank you.
Do you change basic bridges shipped on every version of Tor Browser?
I have made a new and fresh install of Tor Browser Bundle, problem seams to be solved.

Извините я не специалист в этом и мне трудно разобраться в документации на английском языке, но насколько я понял TOR одновременно работает только с одним входным узлом и все соединения которые он открывает, направляются через него (так показывает программа Tcpview).

А здесь получается одновременно два удаленных узла с которыми работает TOR и один из них johndeere.ratwerks.com передача на который идёт по почтовому протоколу imap (143 порт).

Я всего лишь хотел получить простой ответ.

Простой ответ по ссылке. Узел является входной точкой Tor. Все в порядке.
Порт может быть любым, хоть http. Соединений может быть несколько, они могут открываться, закрываться, ждать и т.д. Если не специалист, зачем смотреть соединения, которые для специалистов? :-) Все у вас ок с этим соединением, не переживайте.

FANTASTIC! Just what I was hoping for. For a couple weeks there I thought Windows would have some implied superiority complex over a bug in e10s until ESR 59. Phew. It also makes it clear TPO doesn't endorse the usage.

Another question: Does TBB rely entirely on sandboxing functionality provided by Mozilla? Meaning level 3 happens with ESTR 59?

mmHmm, I saw that. So then since level 3 is part of "NEXT" that would suggest what is needed is a somewhat stable NEXT like v59b in January (basis of ESR NEXT). That, or redo some work in the 2mo in-between, just to prolong the life expectancy of ESR 52 based TBB...until at most Julyish. +1 for as soon a transition as possible!

There is at least one alpha before we switch to a new ESR, usually two to test fixups before they reach release. We have the ff59-esr keyword to track tickets we deem important for the next switch: https://trac.torproject.org/projects/tor/query?status=accepted&status=a… feel free to pick any of them not assigned to someone in particular and start working on them. That's really appreciated or just ask on the tbb-dev mailing list or on #tor-dev on the OFTC IRC network if unsure. Thanks.

Anonymous

November 15, 2017

Permalink

With the last update to 7.0.10, *all* the files in my TBB folder, even in /tor-browser/Browser/Downloads, have an identical timestamp (the one of the update on my machine, I guess). Is that expected behaviour (which would be not so good), or a bug (which would be not good at all), or something that indicates my machine was compromised in some way (which would be less bad for everyone, yet much worse for myself)?
Appreciate any reply, I am really worried here.

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

3 + 17 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.