Tor Browser 7.0.4 is released

by boklm | August 08, 2017

Tor Browser 7.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor stable release (0.3.0.10) + an updated HTTPS-Everywhere (5.2.21) and NoScript (5.0.8.1).

In this new release we continue to fix regressions that happened due to the transition to Firefox 52. Most notably, we avoid the scary warnings popping up when entering passwords on .onion sites without a TLS certificate (bug 21321). Handling of our default start page (about:tor) has improved, too, so that using the searchbox on it is working again and it does no longer need enhanced privileges in order to function.

The full changelog since Tor Browser 7.0.2 (for Linux since Tor Browser 7.0.3) is:

  • All Platforms
    • Update Firefox to 52.3.0esr
    • Update Tor to 0.3.0.10
    • Update Torbutton to 1.9.7.5
      • Bug 21999: Fix display of language prompt in non-en-US locales
      • Bug 18913: Don't let about:tor have chrome privileges
      • Bug 22535: Search on about:tor discards search query
      • Bug 21948: Going back to about:tor page gives "Address isn't valid" error
      • Code clean-up
      • Translations update
    • Update Tor Launcher to 0.2.12.3
      • Bug 22592: Default bridge settings are not removed
      • Translations update
    • Update HTTPS-Everywhere to 5.2.21
    • Update NoScript to 5.0.8.1
      • Bug 22362: Remove workaround for XSS related browser freezing
      • Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
    • Bug 21321: Exempt .onions from HTTP related security warnings
    • Bug 22073: Disable GetAddons option on addons page
    • Bug 22884: Fix broken about:tor page on higher security levels
  • Windows
    • Bug 22829: Remove default obfs4 bridge riemann.
    • Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
  • OS X
    • Bug 22829: Remove default obfs4 bridge riemann.
Tags
tor browser
tbb
tbb-7.0
Anonymous

grateful tor user (not verified) said:

August 23, 2017

Permalink

dear tor, i found this surfing the deepweb and wanted you to know. don't know if its fake or real but you might know...

http://yjrb5bvdgbrs2rhi.onion

Experiments on realistic conditions
This contains the code we used for our paper, "On Realistically Attacking Tor with Website Fingerprinting."

We wrote "notes" for each of the following, which describes how to run and use the files:

Training update. For testing a training set updating scheme.
Splitting. For split finding, split decision, and pre-splitting. About 100 MB.
Classifier. Takes packet sequences collected in the wild as input, and performs time-based splitting, classification-based splitting, and kNN classification on them. About 700 MB.
Tor Logging. Implementation of Tor logging for the above. This is necessary for the file format required by the classifier. Note that the classifier is only allowed to look at time and direction; other information is not available to the website fingerprinting attacker.

Anonymous

itekweni (not verified) said:

August 23, 2017

Permalink

Just to mirror what everyone else has said about this fantastic Tor browser and the work done keeping it going...thank you very much

We do not recommend it. See for a broader discussion about the filtering topic https://www.torproject.org/projects/torbrowser/design/#philosophy section 5: No filters.

That said it should work if you really want that. What security slider level are you on (did you change it from the default) and on what operating system does this happen? Do you get an error or how else do you know it is not working?

Anonymous

littlepz (not verified) said:

August 28, 2017

Permalink

I'm still new to this and truly trying to understand the benefits and how it works. I saw something regarding Tor on Viceland and that is what led me here in the first place. I have downloaded the browser and am ready to use but am hoping someone in this thread will help me understand a little further.

Anonymous

Torguy (not verified) said:

August 28, 2017

Permalink

Can you tell me if its normal for the tor circuit to show "bridge OBFS4 (United States)" and other times it just shows "bridge OBFS4"

You mean you are using the same obfs4 bridge? That would be strange but I can imagine that the IP address of a different bridge can't properly be mapped to a country by the ip-country-database used for that and then nothing is added in parentheses.

Anonymous

HG (not verified) said:

August 30, 2017

Permalink

no way to get tor7 to work on debian wheezy. Not the downloadable packaged stand alone torbrowser, nor the installed tor and torbrowser launcher. The packaged just does not connect and does not give any errors, v6.5 works fine. The installed tor after updating and installing cannot connect with error: cannot reach host ipnumber:port. Disbaling the firewall makes no difference.

Anonymous

HG (not verified) said:

August 30, 2017

Permalink

I forgot to add that using obfs and bridges also made no difference, v7.04 cannot connect. v6.5 no problems whatsoever connects immediately and directly.

You downloaded Tor Browser from our website, right? Did you start it on the command line (in your tor-browser_en-US directory, assuming you have the en-US version) with something like ./start-tor-browser.desktop --debug --log? What output do you get?

Anonymous

fxg (not verified) said:

August 31, 2017

Permalink

Just want to say thanks for all the hard work, however after the new version i can not long run tor on a windows 10 PC tyr to reinstall and disable the FW/AV but now luck appears task manager then disappears, any one elase had this issue? (note: older versions work)

Anonymous

K H (not verified) said:

September 01, 2017

Permalink

7.0.4 crashed with

  1. <br />
  2. Sep 01 21:50:35.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.<br />
  3. Extension error: TypeError: browser.ownerGlobal is null chrome://browser/content/ext-utils.js 800<br />
  4. [[Exception stack<br /><a href="mailto:getBrowserId@chrome" rel="nofollow">getBrowserId@chrome</a>://browser/content/ext-utils.js:800:9<br />
  5. @chrome://browser/content/ext-tabs.js:79:26<br /><a href="mailto:runSafeSyncWithoutClone@resource" rel="nofollow">runSafeSyncWithoutClone@resource</a>://gre/modules/ExtensionUtils.jsm:71:14<br />
  6. emit/promises<@resource://gre/modules/ExtensionUtils.jsm:384:55<br /><a href="mailto:emit@resource" rel="nofollow">emit@resource</a>://gre/modules/ExtensionUtils.jsm:383:20<br />
  7. WebRequestEventManager/register/<a href="mailto:listener@chrome" rel="nofollow">listener@chrome</a>://extensions/content/ext-webRequest.js:51:7<br /><a href="mailto:runChannelListener@resource" rel="nofollow">runChannelListener@resource</a>://gre/modules/WebRequest.jsm:721:24<br /><a href="mailto:observe@resource" rel="nofollow">observe@resource</a>://gre/modules/WebRequest.jsm:504:9<br />
  8. Current stack<br /><a href="mailto:runSafeSyncWithoutClone@resource" rel="nofollow">runSafeSyncWithoutClone@resource</a>://gre/modules/ExtensionUtils.jsm:73:129<br />
  9. emit/promises<@resource://gre/modules/ExtensionUtils.jsm:384:55<br /><a href="mailto:emit@resource" rel="nofollow">emit@resource</a>://gre/modules/ExtensionUtils.jsm:383:20<br />
  10. WebRequestEventManager/register/<a href="mailto:listener@chrome" rel="nofollow">listener@chrome</a>://extensions/content/ext-webRequest.js:51:7<br /><a href="mailto:runChannelListener@resource" rel="nofollow">runChannelListener@resource</a>://gre/modules/WebRequest.jsm:721:24<br /><a href="mailto:observe@resource" rel="nofollow">observe@resource</a>://gre/modules/WebRequest.jsm:504:9<br />
  11. ]]<br />
  12. Sep 01 21:57:42.000 [notice] Owning controller connection has closed -- exiting now.<br />
  13. Sep 01 21:57:42.000 [notice] Catching signal TERM, exiting cleanly.<br />
  14. windows.onRemoved event fired after context unloaded.<br />
  15. [Parent 20315] WARNING: waitpid failed pid:20398 errno:10: file /home/debian/build/tor-browser/ipc/chromium/src/base/process_util_posix.cc, line 268ng on Linux with Libevent

Anonymous

Anon (not verified) said:

September 01, 2017

Permalink

there are still some problems with loading, idk if it's with my internet or international servers, but i'm just letting you know that it's abnormal compared to other ways of browsing. this usually occurs when entering links presented on search engines. thank you

Anonymous

no mountable f… (not verified) said:

September 08, 2017

Permalink

i get the same error
in the mac disk image mounter
for tor dmgs since half a year:

image could no be mounted

no mountable file system

all other dmgs work fine

osx 10.9

i have completly unistalled tor and wanted to reinstall it.

i downloaded and unzipped wit various browsers languages programs

Anonymous

Piet S (not verified) said:

September 18, 2017

Permalink

I have downloaded Tor-Browser 7.0.4 and discovered right after installing this browser
in Resource Monitor - a tool in map system 32 of Windows - that more then 30 ip-addresses
were connected with Tor.exe.
These ip-addresses don't appear after installing Tor-Browser and I wonder if this is a security shortcoming .
These ip-addresses can connect to Tor.exe any time and overlook coonection tot he internet.

Anonymous

OZZY5271 (not verified) said:

November 03, 2017

Permalink

I just wanted to say Thank You So Much. I wish I had money to help out, but the best I can do is offer my computer as a guinea pig and try out the beta version.
Thanks again, and so far everything is working great!

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our ​support portal or ways to get in touch with us.

About text formats
CAPTCHA

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

1 + 2 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.