TOR Tor Browser 7.0a2-hardened is released

Discussion in 'TOR | TAILS' started by survivalmonkey, Mar 8, 2017.

  1. survivalmonkey

    survivalmonkey Monkey+++

    A new hardened Tor Browser release is available. It can be found in the 7.0a2-hardened distribution directory and on the download page for hardened builds.

    This release features important security updates to Firefox.

    This hardened alpha release mainly contains updates to several of our Tor Browser components: Firefox got updated to 45.8.0esr, Tor to, OpenSSL to 1.0.1k, and HTTPS-Everywhere to 5.2.11.

    Additionally, we updated the bridges we ship with Tor Browser and fixed some regressions that came with our last release.

    In the previous release we introduced filtering of content requests to resource:// and chrome:// URIs in order to neuter a fingerprinting vector. This change however breaks the Session Manager addon. Users who think having extensions like that one working is much more important than avoiding the possible information leakage associated with that can now toggle the 'extensions.torbutton.resource_and_chrome_uri_fingerprinting' preference, setting it to 'true' to disable our defense against this type of fingerprinting.

    Another known regression is the resizing of the window. We are currently working on a fix for this issue.

    The full changelog since Tor Browser 7.0a1-hardened is:

    • All Platforms
      • Update Firefox to 45.8.0esr
      • Tor to
      • OpenSSL to 1.0.2k
      • Update Torbutton to
        • Bug 21396: Allow leaking of resource/chrome URIs (off by default)
        • Bug 21574: Add link for zh manual and create manual links dynamically
        • Bug 21330: Non-usable scrollbar appears in tor browser security settings
        • Bug 21324: Don't update NoScript button with timer update
        • Translation updates
      • Update HTTPS-Everywhere to 5.2.11
      • Bug 21514: Restore W^X JIT implementation removed from ESR45
      • Bug 21536: Remove scramblesuit bridge
      • Bug 21342: Move meek-azure to the backend and cymrubridge02 bridge
      • Bug 21326: Update the "Using a system-installed Tor" section in start script
    • Build system
      • Bug 17034: Use our built binutils and GCC for building tor
      • Code clean-up

    Continue reading...
survivalmonkey SSL seal warrant canary