[tor-announce] Tor Browser 7.0.4 is released

Nicolas Vigier boklm at mars-attacks.org
Tue Aug 8 18:10:12 UTC 2017


Tor Browser 7.0.4 is now available from the Tor Browser Project page [1]
and also from our distribution directory [2].

    1: https://www.torproject.org/download/download-easy.html
    2: https://www.torproject.org/dist/torbrowser/7.0.4/

This release features important security updates [3] to Firefox.

    3: https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/

A lot of Tor Browser components have been updated in this release. Apart
from the usual Firefox update (to 52.3.0esr) we include a new Tor stable
release (0.3.0.10) + an updated HTTPS-Everywhere (5.2.21) and NoScript
(5.0.8.1).

In this new release we continue to fix regressions that happened due to
the transition to Firefox 52. Most notably, we avoid the scary warnings
popping up when entering passwords on .onion sites without a TLS
certificate (bug 21321 [4]). Handling of our default start page (about:tor)
has improved, too, so that using the searchbox on it is working again
and it does no longer need enhanced privileges in order to function.

    4: https://trac.torproject.org/projects/tor/ticket/21321

The full changelog since Tor Browser 7.0.2 (for Linux since Tor Browser
7.0.3) is:

 * All Platforms
   * Update Firefox to 52.3.0esr
   * Update Tor to 0.3.0.10
   * Update Torbutton to 1.9.7.5
     * Bug 21999: Fix display of language prompt in non-en-US locales
     * Bug 18193: Don't let about:tor have chrome privileges
     * Bug 22535: Search on about:tor discards search query
     * Bug 21948: Going back to about:tor page gives "Address isn't valid" error
     * Code clean-up
     * Translations update
   * Update Tor Launcher to 0.2.12.3
     * Bug 22592: Default bridge settings are not removed
     * Translations update
   * Update HTTPS-Everywhere to 5.2.21
   * Update NoScript to 5.0.8.1
     * Bug 22362: Remove workaround for XSS related browser freezing
     * Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
   * Bug 21321: Exempt .onions from HTTP related security warnings
   * Bug 22073: Disable GetAddons option on addons page
   * Bug 22884: Fix broken about:tor page on higher security levels
 * Windows
   * Bug 22829: Remove default obfs4 bridge riemann.
   * Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
 * OS X
   * Bug 22829: Remove default obfs4 bridge riemann.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20170808/56cb297c/attachment.sig>


More information about the tor-announce mailing list