[tor-project] September 2017 Report for the Tor Browser Team

Georg Koppen gk at torproject.org
Thu Oct 5 15:23:00 UTC 2017


In September the Tor Browser team made three releases: Tor Browser
7.0.5[1], 7.0.6[2], and 7.5a5[3].

Tor Browser 7.0.5 fixed an incompatibility of HTTPS-Everywhere with
higher security slider levels in Tor Browser.[4] In fact, it made Tor
Browser compatible with any WebExtension not just that one.

7.0.6 and 7.5a5 picked up new Tor versions ( and
respectively) and above all the usual Firefox security updates by
including Firefox 52.4.0esr. Worth noting for both versions as well is a
fix for a crash bug that could kill all tabs if one closed a single tab.[5]

Tor Browser 7.5a5 contains for the first time content sandboxing in
Firefox enabled on Windows and Linux. Please give it a test as we
want to have this feature on the stable channel as soon as we can.
Included in this alpha, too, is a patch that will hopefully help our
users who run into crashes on Windows by backporting Mozilla code for
blocking libraries that are known to interfere with Firefox processes.[6]

Apart from the release related work we focused on remaining Sponsor4
items. In particular, we finally switched to our new, rbm-based build
system which we used for the first time for official builds when
preparing the packages for Tor Browser 7.5a5.[7] We made progress as
well working on 64-bit builds for Windows[8][9] and testing UBSan for
finding bugs that are the result of undefined behavior[10]. Our
improvements to the Tor Launcher UI are starting to emerge, too, thanks
to the collaboration with the UX team.[11][12]

The full list of tickets closed by the Tor Browser team in September is
accessible using the `TorBrowserTeam201709` keyword in our bug tracker.[13]

In October we plan to finish our Tor Launcher UI improvements, get our
Security Slider update done[14] and will hopefully have some Tor Browser
nightly builds for 64bit Windows available. We'll continue testing
further Tor Browser hardening techniques like UBSan, STACK[15], and
Intel's MPX[16] and start experimenting with improving our bridge
distribution in Tor Launcher[17].

All tickets on our radar for this month can be seen with the
`TorBrowserTeam201710` keyword in our bug tracker.[18]


[1] https://blog.torproject.org/tor-browser-705-released
[2] https://blog.torproject.org/tor-browser-706-released
[3] https://blog.torproject.org/tor-browser-75a5-released
[4] https://trac.torproject.org/projects/tor/ticket/23258
[5] https://trac.torproject.org/projects/tor/ticket/23393
[6] https://trac.torproject.org/projects/tor/ticket/23582
[7] https://trac.torproject.org/projects/tor/ticket/23213
[8] https://trac.torproject.org/projects/tor/ticket/23228
[9] https://trac.torproject.org/projects/tor/ticket/23229
[10] https://trac.torproject.org/projects/tor/ticket/12418
[11] https://trac.torproject.org/projects/tor/ticket/23262
[12] https://trac.torproject.org/projects/tor/ticket/23261
[14] https://trac.torproject.org/projects/tor/ticket/23409
[15] https://trac.torproject.org/projects/tor/ticket/12420
[16] https://trac.torproject.org/projects/tor/ticket/16352
[17] https://trac.torproject.org/projects/tor/ticket/23136

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20171005/50c2d56c/attachment.sig>

More information about the tor-project mailing list