This release features important security updates to Firefox.
A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor stable release (0.3.0.10) + an updated HTTPS-Everywhere (5.2.21) and NoScript (184.108.40.206).
In this new release we continue to fix regressions that happened due to the transition to Firefox 52. Most notably, we avoid the scary warnings popping up when entering passwords on .onion sites without a TLS certificate (bug 21321). Handling of our default start page (about:tor) has improved, too, so that using the searchbox on it is working again and it does no longer need enhanced privileges in order to function.
The full changelog since Tor Browser 7.0.2 (for Linux since Tor Browser 7.0.3) is:
- All Platforms
- Update Firefox to 52.3.0esr
- Update Tor to 0.3.0.10
- Update Torbutton to 220.127.116.11
- Update Tor Launcher to 0.2.12.3
- Bug 22592: Default bridge settings are not removed
- Translations update
- Update HTTPS-Everywhere to 5.2.21
- Update NoScript to 18.104.22.168
- Bug 21321: Exempt .onions from HTTP related security warnings
- Bug 22073: Disable GetAddons option on addons page
- Bug 22884: Fix broken about:tor page on higher security levels
- OS X
- Bug 22829: Remove default obfs4 bridge riemann.