Tor Browser 7.5.6 is now available from the Tor Browser Project page [1]
and also from our distribution directory.
1: https://www.torproject.org/download/download-easy.html
2: https://www.torproject.org/dist/torbrowser/7.5.6/
This release features important security updates [3] to Firefox.
3: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
Tor Browser 7.5.6 updates Firefox to 52.9.0esr and includes newer
versions of NoScript and HTTPS Everywhere. Moreover, we added the latest
Tor stable version, 0.3.3.7 [4].
4: https://blog.torproject.org/tor-0337-released
This Tor Browser version additionally contains a number of backported
patches from the alpha, most notably the feature to treat cookies set
by .onion domain as secure as well [5].
5: https://trac.torproject.org/projects/tor/ticket/21537
For Windows users we activated an option that prevents an accidental
proxy bypass when dealing with UNC paths [6].
6: https://trac.torproject.org/projects/tor/ticket/26424
The full changelog since Tor Browser 7.5.5 is:
* All platforms
* Update Firefox to 52.9.0esr
* Update Tor to 0.3.3.7
* Update Tor Launcher to 0.2.14.5
* Bug 20890: Increase control port connection timeout
* Update HTTPS Everywhere to 2018.6.21
* Bug 26451: Prevent HTTPS Everywhere from freezing the browser
* Update NoScript to 5.1.8.6
* Bug 21537: Mark .onion cookies as secure
* Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
* Bug 25721: Backport patches from Mozilla's bug 1448771
* Bug 25147+25458: Sanitize HTML fragments for chrome documents
* Bug 26221: Backport fix for leak in SHA256 in nsHttpConnectionInfo.cpp
* Windows
* Bug 26424: Disable UNC paths to prevent possible proxy bypasses
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-announce mailing list tor-announce@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce