Tor Browser 7.5a1 is released

Tor Browser 7.5a1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 7.5a1 is the first alpha in the 7.5 series. It updates Firefox to 52.2.0esr and contains all the improvements that went into versions 7.0 and 7.0.1. In addition to that it includes Tor version 0.3.1.3-alpha and sandboxed-tor-browser version 0.0.7.

Here is the full changelog since 7.0a4:

  • All Platforms
    • Update Firefox to 52.2.0esr
    • Update Tor to 0.3.1.3-alpha
    • Update Torbutton to 1.9.7.4
      • Bug 22542: Security Settings window too small on macOS 10.12
      • Bug 22104: Adjust our content policy whitelist for ff52-esr
      • Bug 22457: Allow resources loaded by view-source://
      • Bug 21627: Ignore HTTP 304 responses when checking redirects
      • Bug 22459: Adapt our use of the nsIContentPolicy to e10s mode
      • Translations update
    • Update Tor Launcher to 0.2.12.2
      • Bug 22283: Linux 7.0a4 is broken after update due to unix: lines in torrc
      • Translations update
    • Update HTTPS-Everywhere to 5.2.18
    • Update NoScript to 5.0.5
    • Update sandboxed-tor-browser to 0.0.7
    • Bug 22362: NoScript's XSS filter freezes the browser
    • Bug 21766: Fix crash when the external application helper dialog is invoked
    • Bug 21886: Download is stalled in non-e10s mode
    • Bug 22333: Disable WebGL2 API for now
    • Bug 21861: Disable additional mDNS code to avoid proxy bypasses
    • Bug 21684: Don't expose navigator.AddonManager to content
    • Bug 21431: Clean-up system extensions shipped in Firefox 52
    • Bug 22320: Use preference name 'referer.hideOnionSource' everywhere
    • Bug 16285: Don't ship ClearKey EME system and update EME preferences
    • Bug 21972: about:support is partially broken
    • Bug 21323: Enable Mixed Content Blocking
    • Bug 22415: Fix format error in our pipeline patch
    • Bug 21862: Rip out potentially unsafe Rust code
    • Bug 16485: Improve about:cache page
    • Bug 22462: Backport of patch for bug 1329521 to fix assertion failure
    • Bug 22458: Fix broken `about:cache` page on higher security levels
    • Bug 18531: Uncaught exception when opening ip-check.info
    • Bug 18574: Uncaught exception when clicking items in Library
    • Bug 22327: Isolate Page Info media previews to first party domain
    • Bug 22452: Isolate tab list menuitem favicons to first party domain
    • Bug 15555: View-source requests are not isolated by first party domain
    • Bug 5293: Neuter fingerprinting with Battery API
    • Bug 22429: Add IPv6 address for Lisbeth:443 obfs4 bridge
    • Bug 22468: Add default obfs4 bridges frosty and dragon
  • Windows
  • OS X
    • Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0
  • Linux
    • Bug 16285: Remove ClearKey related library stripping
    • Bug 21852: Don't use jemalloc4 anymore
  • Android
    • Bug 19078: Disable RtspMediaResource stuff in Orfox

This seems like a Go runtime bug.

According to the issue tracker, they "fixed" something like this in the Go 1.4 timeframe (https://github.com/golang/go/issues/8006), so it shouldn't happen, but I don't have sufficient familiarity with Windows to be able to see if the fix is sufficient, nor a Windows system to reproduce/debug the issue.

Sorry.

Huh? That's basically totally irrelevant because Tor Browser likely won't build on a non-64 bit system anyway, just from lack of memory. As of Tor Browser 7.0, SSE2 is mandatory on Windows anyway, so if anything `GO386=sse2` should be the fix for this.

Irrelevant to what? To Linux builds of obfs4proxy? As of Tor Browser 7.0, SSE2 is mandatory on Windows for %#$ing google's ANGLE only (thanks to gk), so if anything `GO386=sse2` should be the great symbol of incompetence (especially, since google auto-set it for cross-compiles).

> When did this thread switch to Linux from Dr Watson and the Windows PT build descriptor?
"Also it immediately crashes with Illegal Instruction on systems without SSE2."
On systems, not only on Windows.

Anonymous

July 01, 2017

Permalink

Disable https-everywhere and enable:
21:17:35.455 TypeError: this.targets is undefined 1 HTTPSRules.js:601:9
HTTPSRules.rulesetsByTarget chrome://https-everywhere/content/code/HTTPSRules.js:601:9
HTTPSRules.potentiallyApplicableRulesets/attempt< chrome://https-everywhere/content/code/HTTPSRules.js:634:31
bound self-hosted:915:17
HTTPSRules.potentiallyApplicableRulesets chrome://https-everywhere/content/code/HTTPSRules.js:637:5
ApplicableList.prototype.populate_menu chrome://https-everywhere/content/code/ApplicableList.js:166:19
show_applicable_list chrome://https-everywhere/content/toolbar_button.js:343:3
onpopupshowing chrome://browser/content/browser.xul:1:1

you guys messed up something with your latest tor browser 7.0.2 updates. now it's screaming on microdesks etc in the log... Also I have experienced browser hang right just before the updates. Don't remember the site name but browser just frizzed in place. Maybe it's because I experimented with jumbo frames in 7KB on my adapter, not rly sure.

Anyway, pls fix the problems with microdesks.

First, please post this in the blog post for the Tor Browser version that it's talking about. Otherwise nobody is going to be able to follow along. :)

And second, without any more details, I don't think anybody will be able to help you.

Can you try to reproduce it, and narrow down what it might be, and then open a ticket on https://bugs.torproject.org/ ?

Am using Tor 7.5a2 on a Mac Sierra 10.12.6, downloaded the dmg file, unpacked on the desktop and dropped into the Applications folder. There is no "torrc" file to edit in order to specify an exit node.

Any clues out there? Thank you.

Where have you looked for that file? Does any torrc file show up after you have started Tor Browser once?

i was wondering if tor works against zscaler? any information is appreciated.

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

1 + 16 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.