Hi all!
Tor Browser 7.0.10 is ready for testing. Bundles can be found on:
https://people.torproject.org/~boklm/builds/7.0.10-build2/
This release includes security updates for Firefox (52.5.0esr) and a new Tor stable version (0.3.1.8), the second one in the 0.3.1 series. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship. For Windows users we backported patches from the alpha series that update the msvcr100.dll runtime library we include and which should make Tor Browser more robust against crashes due to misbehvaing third party software.
The full changelog since Tor Browser 7.0.9 is:
Tor Browser 7.0.10 -- November 14 2017 * All Platforms * Update Firefox to 52.5.0esr * Update Tor to 0.3.1.8 * Update Torbutton to 1.9.7.10 * Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi * Translations update * Update HTTPS-Everywhere to 2017.10.30 * Bug 24178: Use make.sh for building HTTPS-Everywhere * Update NoScript to 5.1.5 * Bug 23968: NoScript icon jumps to the right after update * Windows * Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds * Bug 23396: Update the msvcr100.dll we ship * Bug 24052: Block file:// redirects early
Georg
Georg Koppen:
Tor Browser 7.0.10 is ready for testing.
From Tails side, I just reported: https://trac.torproject.org/projects/tor/ticket/24243
From the testing I did today I can see that it actually started with 7.0.8, but we didn't notice it until now since neither 7.0.8 nor 7.0.9 were relevant for Tails. :/
Is this something you believe could be fixed before the final release?
Cheers!
anonym:
Georg Koppen:
Tor Browser 7.0.10 is ready for testing.
From Tails side, I just reported: https://trac.torproject.org/projects/tor/ticket/24243
From the testing I did today I can see that it actually started with 7.0.8, but we didn't notice it until now since neither 7.0.8 nor 7.0.9 were relevant for Tails. :/
Is this something you believe could be fixed before the final release?
Alas, no. The Torbutton issue is weird but even if we had fixed that one there is the breakage due to the workaround for #24052. We did not come up with a better one for that security issue in the short time we had.
I am not sure if we can do something for Tails in case Mozilla does not fix the problem soon. We might be able to think about choosing a preference-based approach and Tails can flip the pref accordingly given that it does not seem to be affected that badly from the underlying bug.
But that's not a decision and a patch for the last minute, I am afraid.
Georg