Tor Browser 7.0.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This is the first minor release in the 7.0 series, updating Firefox to 52.2.0esr, Tor to 0.3.0.8, and HTTPS-Everywhere to 5.2.18. Additionally, we worked around an annoying freezing of Tor Browser which is due to a NoScript bug and made the security slider window slightly larger.

Here is the full changelog since 7.0:

  • All Platforms
    • Update Firefox to 52.2.0esr
    • Update Tor to 0.3.0.8
    • Update Torbutton to 1.9.7.4
      • Bug 22542: Security Settings window too small on macOS 10.12
    • Update HTTPS-Everywhere to 5.2.18
    • Bug 22362: NoScript's XSS filter freezes the browser
  • OS X
    • Bug 22558: Don't update OS X 10.7.x and 10.8.x users to Tor Browser 7.0

Comments

TOR is by far one of the best internet tools i have ever come across, thank you guys, keep up the good work.

Anonymous

Submitted by ian sinclair (not verified) on June 15, 2017

Permalink

es una mierda mi antivirus lo detecta como un virus con troyanos tr/atraps.gen2 mejor pongan una opcion para bloquear actualizaciones automaticas

Anonymous

Submitted by rompechochas (not verified) on June 15, 2017

Permalink

using torbrowser 7.0.1 at ipcheck.info,, authentication shows in red [bad]
why is this? is cause for concern?

Anonymous

Submitted by Anonymous (not verified) on June 13, 2017

Permalink

But I think there is real problem when I closed all tabs, cleaned cache web content, changed tor circuit and if I reloaded ipcheck.info it shows me the same unique ID number of authentication until I quit torbroser.

Let's assume you have domain A in your URL bar which embedds an iframe C doing the tracking trick ip-check.info deploys. In Tor Browser < 7 we did not allow A reading authentication credentials C tried to set which is why the ip-check test showed a green result. Think about forbidding 3rd party cookies which is basically the same. Now while this is blocking tracking across domains (e.g. if C were embedded in a different URL bar domain B as well) the downside is that it may break some sites, e.g. if A tries to access that information which is usually available.

In Tor Browser 7 we changed that by allowing A to access the HTTP auth saved by C which is all the ip-check test checks (and hence is showing you the scary warning now) BUT we prevented at the same time B from reading that value saved by C formerly while the user has been on A. Thus, tracking across domains (across A and B) is prevented, but the ip-check needs an update to take that into account. If you want to have a test, take the one Arthur has written in https://trac.torproject.org/projects/tor/ticket/21756#comment:2. It's not so fancy, yes, but it tests what is actually happening.

thanks for another great release! tracking mozilla's release cycle so closely is exciting and much appreciated

Anonymous

Submitted by DJT (not verified) on June 13, 2017

Permalink

For some reason I cannot get the Mac version of TOR 7.0.1 to download. Tried it multiple times with no success. The file directory page shows the file links are broken. I've been using the the 7.0.1a RC version for some time now without issue.

Anonymous

Submitted by Anonymous (not verified) on June 13, 2017

Permalink

has anybody had experience with protonmail issues? since version 7.0 there are some performance problems. works still with older versions before 7.0

Anonymous

Submitted by whatasay (not verified) on June 13, 2017

Permalink

Yes, you should set the security slider to low to get it to work without issues.

It's because in the Medium settings JS JIT (Just-in-time compilation) is disabled.

I think that since v7 some site don't work as they used to. For example, some images aren't loaded or the layout of some sites looks different.

Also, taking a screenshot using shift+F2 doesn't work the same as before, for example the dpr or the fullscreen switches don't work, and you don't get the option to select the path of the file.

I think that the first part was due to cloudflare messing things up, maybe more aggressively than how it used to.

The second part is easily reproduced, for example Shift+F2, then 'screenshot test.png --fullscreen'

Which operating system is that? FWIW there is no --fullscreen option it seems. I guess you mean --fullpage? Testing on a Linux box I have both options available. But, yes, there is no option to select the path to save the item. But that is not available with a vanilla Firefox as well it seems.

Tested on a Windows 7 machine both with normal Firefox and with Tor Browser 7: the result is the same for me. Both options are there, the fullpage mode is working and in both browsers there is no prompt for the path. What steps to reproduce your problem am I missing?

v7.0 & v7.0.1 - neither one can I save any image files to disc. v6.5.2 works fine. No modifications or changes to the settings, whatsoever.

Anyone with this same issue?

Anonymous

Submitted by STUMPY (not verified) on June 13, 2017

Permalink

Maybe, but only with video.

NoScript requires the video to be blocked, you mustn't have allowed a temporary permission for it, in order to successfully download the file. Otherwise, it may ask you where to save it but not actually download it. This is a regression by the way.

I tested downloading an image with high security settings and it worked. Have you changed any settings to TorBrowser or NoScript?

Yes.

1. Go to: https://gemmei.ftp.acc.umu.se/pub/debian-meetings/2016/miniconf_cambrid…, NoScript will display the video as a blocked object.
2. Click on the object and allow the video to play.
3. Right click "Save Video As...", choose a location, and accept.
4. Open "about:downloads" to verify the video isn't downloading.
5. Now, right click anywhere and under the NoScript menu click "Revoke Temporary Permissions".
6. Repeat step 1, you will presented with the blocked object. Right click on that object and choose "Save Link As...", accept.
7. Open "about:downloads" and verity the video is now downloading.

linux64, it would blow my mind if this was linux specific, though.

And if I may, I'll sneak another minor bug report in, when running tor-browser with "./start-tor-browser.desktop --detach --log" two "tor-browser.log" files are created, one inside "tor-browser_en-US/", the current working directory, which is where it should be, and an empty one in the users home dir. That one shouldn't be there.

Thanks!

I just did some testing, the problem is somewhere in "start-tor-browser.desktop".

This is what I did: extracted the tor-browser tarball into the home dir, changed the working directory to ~/tor-browser_en-US, ran "./start-tor-browser.desktop --log --detach". The extra empty log file was there. I also tried swapping '--log' and '--detach', and not changing the working directory from home, it still happened.

If I run "~/tor-browser_en-US/Browser/start-tor-browser --log --detach" directly, then only one log file is created.

I don't use *.desktop files so I may be way off, but isn't '--detach' implied? I don't know how options are being passed to 'start-tor-browser', if at all, but maybe it's running '--detach' twice?

Avast(antivirus) flipped out on tor after it updated to 7.0.1 for me, same with the 7.0.1 installer. (Both got were "IDP generic Infection") Now I can't even download the installer (Avast is blocking it), what do I do?

Anonymous

Submitted by Anonymous (not verified) on June 13, 2017

Permalink

Cloudflare is going crazy again?
Can't goto theregister.co.uk with tbb7.0.1, tested without javascript.
Is this the permanent state of affairs now?

Anonymous

Submitted by Anonymous (not verified) on June 13, 2017

Permalink

I see this.
"Please turn JavaScript on and reload the page.
DDoS protection by Cloudflare"
but I don't go to theregister regularly.

Add new comment

About text formats
CAPTCHA

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

2 + 6 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.