Tor Browser 7.5a4 is released

Tor Browser 7.5a4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor alpha release (0.3.1.5-alpha) + an updated OpenSSL (1.0.2l), HTTPS-Everywhere (5.2.21) and NoScript (5.0.8.1). We also update sandboxed-tor-browser (to 0.0.12).

The major new features in this alpha release are selfrando support for 32bit Linux systems, Snowflake support for macOS, and a patch that fixes a lot of our problems with the external helper app dialog. In particular, downloading files via the pdf viewer should work again. As we do in the stable series, we also avoid scary warnings popping up when entering passwords on .onion sites without a TLS certificate. We are also testing a better Tor Browser hardening on Windows by using a newer compiler for our Windows builds. If you encounter any issues that could be caused by the new compiler, we want to know about it!

The full changelog since Tor Browser 7.5a2 (for Linux since Tor Browser 7.5a3) is:

  • All Platforms
    • Update Firefox to 52.3.0esr
    • Update Tor to 0.3.1.5-alpha
    • Update OpenSSL to 1.0.2l
    • Update Torbutton to 1.9.8
      • Bug 22610: Avoid crashes when canceling external helper app related downloads
      • Bug 22472: Fix FTP downloads when external helper app dialog is shown
      • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
      • Bug 22618: Downloading pdf file via file:/// is stalling
      • Bug 22542: Resize slider window to work without scrollbars
      • Bug 21999: Fix display of language prompt in non-en-US locales
      • Bug 18913: Don't let about:tor have chrome privileges
      • Bug 22535: Search on about:tor discards search query
      • Bug 21948: Going back to about:tor page gives "Address isn't valid" error
      • Code clean-up
      • Translations update
    • Update Tor Launcher to 0.2.12.3
      • Bug 22592: Default bridge settings are not removed
      • Translations update
    • Update HTTPS-Everywhere to 5.2.21
    • Update NoScript to 5.0.8.1
      • Bug 22362: Remove workaround for XSS related browser freezing
      • Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
    • Update sandboxed-tor-browser to 0.0.12
    • Bug 22610: Avoid crashes when canceling external helper app related downloads
    • Bug 22472: Fix FTP downloads when external helper app dialog is shown
    • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
    • Bug 22618: Downloading pdf file via file:/// is stalling
    • Bug 21321: Exempt .onions from HTTP related security warnings
    • Bug 21830: Copying large text from web console leaks to /tmp
    • Bug 22073: Disable GetAddons option on addons page
    • Bug 22884: Fix broken about:tor page on higher security levels
    • Bug 22829: Remove default obfs4 bridge riemann.
  • Windows
    • Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
  • OS X
  • Linux
    • Bug 22832: Don't include monthly timestamp in libwebrtc build output
    • Bug 20848: Deploy Selfrando in 32bit Linux builds
  • Build system
    • Windows
    • Linux
Anonymous

August 15, 2017

Permalink

I am getting Trend Micro tell me that update is posing a threat to my system and is deleting both firefox and tor from my system

This sounds like a Trend Micro problem. Antivirus software really hates Tor Browser. Every new release there's people complaining about their favorite antivirus software breaking Tor Browser. Or complaining about a broken Tor Browser but not knowing why it is broken.

Anonymous

August 16, 2017

Permalink

---------------------------------------------------------------------------------------
- sandbox : 0.0.12
- updated : 7.0.4
-
- but yesterday it was 7.5.a4 (We also update sandboxed-tor-browser to 0.0.12).
- have you downgrade it or is it a bug, a hack ?
- if it is a hack you should think twice before promoting Tor ...
- firefox : 52.3
- https-everywhere : 5.2.21
- noscript : 5.0.8.1
-
- conflict with Tor Browser 7.0.4 : noscript & https-everywhere broken !
---------------------------------------------------------------------------------------

Now i must purge both and only choose one for a new install but whitch ?

7.5a4 is an alpha (testing) release. You can tell that it's an alpha, because there is an "a" in the version.

7.0.4 is a stable release. You can tell that it's not an alpha release, because there is no "a" in the version.

When first installing a browser bundle via the sandbox, it prompts you to pick between "release" (aka stable, in this case 7.0.4) or "alpha" (7.5a4), and will install the latest version of the particular series and keep it up to date.

For what it's worth 7.0.4 works fine for me, both with a bundle that's been incrementally upgraded for a while, and with a fresh install. And 7.5a4 appears to work from a fresh install as well.

In general people will probably have a better experience with the stable bundle, because that's what I use. If people want to see the alpha better supported, then people should fund development.

i do agree _like most users_ but ... when a suspicious behavior of a soft happens ; i must report it :
- SandBox7.5a4 : an update downgrades it as 7.0.4 (2 days ago)_works fine/not broken
- TorBrowser-7.0.4 : broken (2 days ago).
is it related at selinux, apparmor, tomoyo ? is it related at my work on my computer/console in the same time ? is it a bug ? is is it a bad coding or an attack ?
i report it for improving your work not for criticize / calumny/ hurt you _ team & project included_.
it is not at all normal that an update downgrades Tor-sandbox & breaks my TorBundle_stable (moved in another folder); i do repeat it , something is wrong.
Sorry for the misunderstanding & the inconvenience.

# When first installing a browser bundle via the sandbox, it prompts you to pick between "release" (aka stable, in this case 7.0.4) or "alpha" (7.5a4), and will install the latest version of the particular series and keep it up to date.
No, that's wrong ; i install 0.0.12 as alpha (unstable/unsecure) = 7.5a4 : none choice/option is shown & the latest version is not 7.0.4 !
ho !!! grrr ...
Installing 2 versions (TorBundle & Tor-Sandbox) does not work at all ...
red avert : you do ask to be involved and you do not accept the answers when it does not give you an advantage or a good reputation : bad,sneak,nasty,undeveloped mind.

Anonymous

August 17, 2017

Permalink

my trend micro antivirus software deletes tor browser (not entirely, but it deletes some files saying they contain visurses: heu_cdpl...)

This sounds like a Trend Micro problem. Antivirus software really hates Tor Browser. Every new release there's people complaining about their favorite antivirus software breaking Tor Browser. Or complaining about a broken Tor Browser but not knowing why it is broken.

Anonymous

August 21, 2017

Permalink

14:30:31.152 A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.j…

Date: Mon Aug 21 2017 14:30:14 GMT+0000 (UTC)
Full Message: TypeError: inspector is undefined
Full Stack: nsContextMenu.prototype.inspectNode/<@chrome://browser/content/nsContextMenu.js:576:11
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:932:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:813:7
this.PromiseWalker.scheduleWalkerLoop/<@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
1 nsContextMenu.js:576

Anonymous

August 21, 2017

Permalink

1503346952700 addons.webextension. WARN Loading extension 'null': Reading manifest: Error processing permissions.1: Unknown permission "privacy"
1503346966700 addons.webextension. WARN Loading extension 'null': Reading manifest: Error processing devtools_page: An unexpected property was found in the WebExtension manifest.

Anonymous

August 23, 2017

Permalink

08:37:21.629 A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.j…

Date: Wed Aug 23 2017 08:37:07 GMT+0000 (UTC)
Full Message: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [imgIRequest.image]
Full Stack: JS frame :: chrome://browser/content/content.js :: PageInfoListener.serializeElementInfo :: line 1279
JS frame :: chrome://browser/content/content.js :: PageInfoListener.getMediaItems/addImage :: line 1170
JS frame :: chrome://browser/content/content.js :: PageInfoListener.getMediaItems :: line 1204
JS frame :: chrome://browser/content/content.js :: PageInfoListener.processFrames :: line 1144
JS frame :: resource://gre/modules/Task.jsm :: TaskImpl_run :: line 319 1 content.js:1279

Anonymous

August 23, 2017

Permalink

17:02:19.418 TypeError: parentWin.torbutton_get_property_string is not a function 1 external-app-blocker.js:92:17

Anonymous

August 23, 2017

Permalink

According to console.log NoScript also uses moz-extension://c576e1fa-1243-4695-8cc2-c924a0b93789/legacy.js
That means it doesn't block such addresses when configured properly.

Anonymous

September 03, 2017

Permalink

I'm no programmer, but it looks like you folks are constantly improving TOR. When I learned that Google was doing the nasty's, I started using TOR more often to keep unwanted critters out of my life. Thanks for all your dedication and hard work.

Anonymous

September 04, 2017

Permalink

TypeError: can't access dead object
Stack trace:
getRootBindingParent@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/layout/utils.js:504:7
isAnonymous@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/layout/utils.js:539:31
WalkerActor<.attachElements@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/inspector.js:1058:46
WalkerActor<.attachElement@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/inspector.js:1037:33
WalkerActor<.findInspectingNode@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/actors/inspector.js:1494:12
generateRequestHandlers/ resource://devtools/shared/protocol.js:1042:19
onPacket@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/main.js:1743:15
ChildDebuggerTransport.prototype.receiveMessage@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/transport/transport.js:761:7
protocol.js:906
A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.j…

Date: Mon Sep 04 2017 18:10:49 GMT+0000 (UTC)
Full Message: Protocol error (unknownError): can't access dead object
Full Stack: JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: PendingErrors.register :: line 194
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.completePromise :: line 715
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: Handler.prototype.process :: line 968
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.walkerLoop :: line 813
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.scheduleWalkerLoop/< :: line 747

Anonymous

September 07, 2017

Permalink

[09-07 14:09:16] Torbutton INFO: controlPort >> 650 STREAM 30 DETACHED 7 aus1.torproject.org:443 REASON=END REMOTE_REASON=RESOURCELIMIT

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

1 + 7 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.