Tor Browser 7.0.11 is released

Tor Browser 7.0.11 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox and fixes vulnerabilities in Tor. All users are encouraged to update as soon as possible.

This release updates Firefox to version 52.5.2esr and Tor to version 0.3.1.9. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship.

The full changelog since Tor Browser 7.0.10 is:

  • All Platforms
    • Update Firefox to 52.5.2esr
    • Update Tor to 0.3.1.9
    • Update HTTPS-Everywhere to 2017.12.6
    • Update NoScript to 5.1.8.1
Anonymous

December 27, 2017

Permalink

Can another track you, if you visit an adult site? What do they used this information for? Can anyone help/. I'm not going to lie, I have visit a site or 2. I have looked in. lollll, I don't want it to mess up my career.

Anonymous

December 30, 2017

Permalink

I can't use twitter at all. I've got "allow scripts globally" enabled and all objects unblocked, but none of the buttons work: Tweet, Retweet, Like, Edit Profile, arrows for drop-down menus etc etc. I click and they get highlighted but nothing happens.

Yes, but it seems Tor Browser does not know the authority that signed the certificate and is throwing the error for that reason. I hope Mozilla fixes this in one of the upcoming Firefox versions as a regular Firefox 52 is affected, too.

Anonymous

January 03, 2018

Permalink

Tried to donate but kept getting error stating my card (mastercard) was declined and this should not be so as the card is in completely good standing...must be on your side...please fix and i will try again. Let me know. Thanks

Anonymous

January 04, 2018

Permalink

Meltdown and Spectre
i would like to read an official announcement.
is tbb affected? any security advisories? javascript?

We think we are not in a bad shape (as in: we don't need to do an urgent security release) as we are a) on Firefox 52 ESR which does not have SharedArrayBuffers available and b) as we have reduced various timing sources to 100ms in the past to make it harder for any timing side-channel attack to succeed. Work remains to be done, though.

Mozilla has an official announcement which is worth reading: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-cl…

Anonymous

January 10, 2018

Permalink

When you use a new identity, noscript continues to allow scripts that were temporarily enabled using the old identity (but the user interface incorrectly shows that these scripts are blocked)!

I conclude that there is some information retained across identities and the profile is not properly reset though I don't know if this is specific only to noscript or also extends to other areas of the browser.

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

1 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.