Tor Browser 7.0.6 is released

by boklm | September 28, 2017

Tor Browser 7.0.6 is now available from the Tor Browser Project page and also from our distribution directory.

[UPDATE: the dist server was temporarily messed up, but it should be better now. Sorry for the troubles!]

This release features important security updates to Firefox.

This release includes security updates for Firefox (52.4.0esr) and a new Tor stable version (0.3.1.7), the first one in the 0.3.1 series. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship. Moreover, we fixed minor usability issues and a bug which, under particular circumstances, caused all tabs to crash after closing single one.

Note: The release date in the changelog displayed after the update is incorrect. The actual release date is September 28.

The full changelog since Tor Browser 7.0.5 is:

  • All Platforms
    • Update Firefox to 52.4.0esr
    • Update Tor to 0.3.1.7
    • Update Torbutton to 1.9.7.7
      • Bug 22542: Security Settings window too small on macOS 10.12 (fixup)
      • Bug 20375: Warn users after entering fullscreen mode
    • Update HTTPS-Everywhere to 2017.9.12
    • Update NoScript to 5.0.10
    • Bug 21830: Copying large text from web console leaks to /tmp
    • Bug 23393: Don't crash all tabs when closing one tab
  • OS X
    • Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist
Tags
tor browser
tbb
tbb-7.0
Anonymous

JR (not verified) said:

September 30, 2017

Permalink

Browser won't update ("Failure (unknown reason)"). I've tried a buch of times on different days and circuits.
Using Tor 7.0.4 linux 64bit (20170202040101)

Is that still a problem for you? I just downloaded a "fresh" 7.0.4 and updated to 7.0.6 without problems on my 64bit Linux box. If the problem still persists could you set app.update.log to true and open the browser console (Ctrl+Shift+J) before you are starting the update to check whether you get some error messages in it?

Anonymous

googletor (not verified) said:

September 30, 2017

Permalink

Problem with google captcha. After successfully completing the Google captcha I get the following message even though I have allowed noscript to allow temporary scripts.

Our systems have detected unusual traffic from your computer network. Please try your request again later. Why did this happen?

IP address: 51.15.37.97
Time: 2017-10-01T04:37:52Z
URL: https://www.google.nl/search?q=nslookup+online&ie=utf-8&oe=utf-8&client…

Anonymous

Chuck Rhode (not verified) said:

September 30, 2017

Permalink

I'm not seeing a way to "temporarily enable *javascript* for ['this' or any particular] site." I believe there used to be some *noscript* menu options in the onion menu. These seem to be gone now on all security slider settings. Perhaps the new *noscript* has a different interface. Is there a *noscript* icon somewhere I should be clicking on?

Not today :-)

I could have sweared I restarted a couple of times the other day, though. Maybe I wasn't looking for the *noscript* icon in the right place then. Today it's showing (in spot 2 of 2) to the right of the *https everywhere* icon.

The *noscript* icon has its own context menu with the functionality I require.

Thanks for your response.

- do not restart : it does not work , it came from the update of noscript (5.1.1).
- download another tar.z : it works without trouble.
another funny bug : i do not remember how many i reported it since the beginning of the year , 10 ? 20 ? bug bounty should be less deaf about these alerts from users ... who give them a good opportunity to make money & have a job ... ;)

I actually think the NoScript icon (and NoScript working) is indeed coming back after a restart.

Regarding the bug bounty program: feel free to report your findings to hackerone.com/torproject and we'll look at them.

NoScript 5.1.1 icons and contextual menu disappear if you click "Forget about browsing history" *twice* in one session. NoScript appears to still be running. Reappear if you quit and restart. (Win 7)

Anonymous

Anonymous (not verified) said:

October 01, 2017

Permalink

You need to fix the add-on icon situation.
It's like every time I use Tor Browser for an extended period of time, after a while the add-ons (I think sometimes through updates) will change whether they're on left or right side, visible or non-visible (on the panel). This must have identification-implications. To solve this you should have some add-on wide rule (show all in panel vs hide all) that locks them like this and preventing add-on updates from changing this.

I think your latest issue is caused b< https://trac.torproject.org/projects/tor/ticket/23724 and we hope to have a fix for that one soon. Apart from that I am not aware of any icons floating around on the toolbar. It certainly did not happen to me over the years and we are trying to make sure the icons stay at their place. Do you have steps to reproduce the problems you have seen in the past?

Anonymous

Alan (not verified) said:

October 01, 2017

Permalink

Tor crashes / won't open until I disable Trusteer Rapport - A big problem as I need to remember to re-enable it

Anonymous

tortor (not verified) said:

October 01, 2017

Permalink

My Yosemite Mac has 2 torbrowser process when torbrowser is started up. Is this correct operation?

Yes, it shows that the content sandbox is active (which is good). The parent process which is responsible for all the browser menus and other privileged parts/code is starting the content process soon after start-up where all the websites run in. That allows to enforce security policies which should make it harder to exploit the browser.

Anonymous

Anonymous (not verified) said:

October 02, 2017

Permalink

This update skipped all the settings I had done manually in NoScript Options dialog menu. I disabled java and javascript much time before now and they were stored across all previous updates, but after this one I revealed that java and javascript were enabled again without any notification. (Button "Crossed S in the red circle" changed to "S! and no red circle")

I restored my settings immediately on noticing that the button changed to S! So I can't say how torbrowser would have behaved after restart in case I haven't touched settings. And yes, the (manually) restored settings are now persistent across restarts.

Anonymous

SMP (not verified) said:

October 02, 2017

Permalink

I just updated loaded 6.0,7 But when I started Tor it says I am out of date and is offering me a 61.1 MB update.
Does this make sense or am I being hacked?

After the update, which version number is showing up in the upper right corner on the about:tor page? If it is 7.0.6, do you still get the offer to update when you click on the hamburger menu on the right side of the toolbar and then on the "?" and then on "About Tor Browser"?

Noscript with more practicality(?) is working normal with JavaScript disabled in
about:config. HTTPS-Everywhere should do, too?
If not, may introduce a usefull setting for blocking ALL http-traffic in about:config?

JavaScript generally on for running WebExtensions is a .....little wild idea especially when you are running pure Firefox without NoScript.

Anonymous

tortor (not verified) said:

October 02, 2017

Permalink

I have noticed that the Tor circuit always shows "Bridge: Obfs4 (United States)", when I look at my "Tor circuit for this site". It never changes from (United States). Is that normal?

Anonymous

Anonymous (not verified) said:

October 03, 2017

Permalink

noscript doesn't block frames/iframes

You can try on ebay: Look for any item, click on any offer. Usually you get a description of the item/offer in an iframe. If frames and iframes are forbidden in the settings of noscript you will have to click on the noscript icon on the upper left corner of the frame in order to get the description of the item offered on ebay.. This works correctly with noscript 5.1.1 in a regular firefox, but not within tor browser. The last version of noscript did block the frames, but the noscript icon was missing. This behaviour seems to be due to the tor browser and / or the noscript version of tor browser, because it doesn't occur within the regular firefox.

Another point concernig noscript: On several sites you will see the bottom of the page instead of the top. Try it on: "http://www.duden.de/" – for instance. This behaviour seems to be due to noscript, because it has been occurring for several versions of noscript, both in the tor browser and the regular firefox