Tor Browser 7.0.2 is released
This release features an important security update to Tor.
We are updating Tor to version 0.3.0.9, fixing a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This release also updates HTTPS-Everywhere to 5.2.19.
Here is the full changelog since 7.0.1:
- All Platforms
- Update Tor to 0.3.0.9, fixing bug #22753
- Update HTTPS-Everywhere to 5.2.19
Someone went and filed: https://trac.torproject.org/projects/tor/ticket/22900
I went and filed/fixed: https://trac.torproject.org/projects/tor/ticket/22899
> Maybe you could remove this in the upcoming releases since you are already heavily altering the FF code?
This is hard, because it's server side behavior. For what it's worth git master of the Linux sandbox now "solves" this by totally breaking the `about:addons` "Get Addons" pane unless users explicitly (and unwisely) choose to allow Tor Browser to write to the extensions directory.