Tor Browser 7.0a3 is released
Update (May 8 10:20 UTC): Mozilla released Firefox 52.1.1esr fixing among others a security bug which could lead to a potentially exploitable crash on the Windows platform. By default Tor Browser users are not affected as WebGL is put behind click-to-play placeholders, thanks to NoScript. Nevertheless, we are preparing a release later this week picking this fix up and, in addition to that, a lot of other improvements for our alpha series.
Update (Apr 24 8:36 UTC): Thanks to all for testing this alpha release so far. It turns out there are a number of issues that are affecting a lot of our alpha users. The following list should give an overview and help to avoid duplicate bug reports:
- Tor Browser is crashing when opening/downloading files that need an external application to handle them. This is bug 21766.
- Tor Browser is crashing on about:addons with the security slider set to "high" and does not show any preferences on about:preferences ticked. This issue is tracked in bug 21962.
- The canvas prompt is not shown anymore in Tor Browser. This issue is tracked in bug 21778.
- There is no sound on Linux systems without PulseAudio anymore. This is bug 1247056. Check this one out for Mozilla's reasoning behind dropping ALSA support.
Tor Browser 7.0a3 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
This is the first alpha release which is based on Firefox ESR 52. We updated all of our patches that did not get upstreamed yet and made Torbutton and Tor Launcher multiprocess (e10s) compatible. After the first nightly build based on ESR52 went out we already fixed a number of bugs associated with this switch. But more remain, please help!
We hope having e10s and Mozilla's content sandbox enabled will be one of the major new features in the upcoming Tor Browser 7.0 series, both security- and performance-wise. While we are still working on the sandboxing part for Windows, both Linux and macOS have e10s and content sandboxing enabled by default in Tor Browser 7.0a3. There are already a number of bugs related to that on our radar which can be found on our bug tracker and which are tagged with the `tbb-e10s` keyword. If you find more, please report them!
The switch to Firefox ESR 52 raises the system requirements for Tor Browser on Windows and macOS. Computers running Windows and are not SSE2-capable are not supported anymore. On Apple computers with OS X < 10.9 Tor Browser won't run anymore either. Update (Apr 24 8:41 UTC): Only the browser part of Tor Browser is affected by these new constraints. If you are e.g. on Windows and are using the expert bundle or are extracting tor from Tor Browser it should run on any computer it used to run. The same holds for macOS with one exception: tor we ship in Tor Browser won't run on Apple computers with OS X 10.6 anymore either.
We updated our toolchains during the ESR transition as well. In particular we retired the old GCC-based one for our macOS cross-compilation and rely solely on clang/cctools now. As with previous releases building 7.0a3 is fully reproducible on all three supported platforms, even though we needed to deploy a last minute patch for Linux bundles this time.
Apart from switching to the new ESR and dealing with related issues we included a new Tor alpha (0.3.0.5-rc) and updated our NoScript (5.0.2) and HTTPS-Everywhere versions (5.2.14). The Sandboxed Tor Browser for Linux got updated to 0.0.6 making sure it is compatible with Firefox ESR 52.
As in Tor Browser 6.5.2 we provide a fix for Tor Browser crashing on github.com on Windows and for Twitter issues that got reported already a while ago. We update our security slider as well taking newer JIT preferences into account.
A note to Windows users: We signed the .exe files with a new codesigning certificate as the old one is about to expire. If there are issues with that new certificate, e.g. scary warnings showing up after downloading a Tor Browser .exe file and double-clicking on it, please let us know.
The full changelog since Tor Browser 7.0a2 is:
- All Platforms
- Update Firefox to 52.1.0esr
- Tor to 0.3.0.5-rc
- Update Torbutton to 1.9.7.2
- Bug 21865: Update our JIT preferences in the security slider
- Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
- Bug 21745: Fix handling of catch-all circuit
- Bug 21547: Fix circuit display under e10s
- Bug 21268: e10s compatibility for New Identity
- Bug 21267: Remove window resize implementation for now
- Bug 21201: Make Torbutton multiprocess compatible
- Translations update
- Update Tor Launcher to 0.2.12
- Update HTTPS-Everywhere to 5.2.14
- Update NoScript to 5.0.2
- Update sandboxed-tor-browser to 0.0.6
- Bug 21764: Use bubblewrap's `--die-with-parent` when supported
- Fix e10s Web Content crash on systems with grsec kernels
- Bug 21928: Force a reinstall if an existing hardened bundle is present
- Bug 21929: Remove hardened/ASAN related code
- Bug 21927: Remove the ability to install/update the hardened bundle
- Bug 21244: Update the MAR signing key for 7.0
- Bug 21536: Remove asn's scramblesuit bridge from Tor Browser
- Add back old MAR signing key to not break updating Tor Browser stable
- Add `prlimit64` to the firefox system call whitelist
- Fix compilation with Go 1.8
- Use Config.Clone() to clone TLS configs when available
- Update Go to 1.7.5 (bug 21709)
- Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter)
- Bug 21887: Fix broken error pages on higher security levels
- Bug 21876: Enable e10s by default on all supported platforms
- Bug 21876: Always use esr policies for e10s
- Bug 20905: Fix resizing issues after moving to a direct Firefox patch
- Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
- Bug 21885: SVG is not disabled in Tor Browser based on ESR52
- Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
- Bug 3246: Double-key cookies
- Bug 8842: Fix XML parsing error
- Bug 16886: 16886: "Add-on compatibility check dialog" contains Firefox logo
- Bug 19192: Untrust Blue Coat CA
- Bug 19955: Avoid confusing warning that favicon load request got cancelled
- Bug 20005: Backport fixes for memory leaks investigation
- Bug 20755: ltn.com.tw is broken in Tor Browser
- Bug 21896: Commenting on website is broken due to CAPTCHA not being displayed
- Bug 20680: Rebase Tor Browser patches to 52 ESR
- Bug 21917: Add new obfs4 bridges
- Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
- Windows
- OS X
- Linux
- Build system
- Windows
- OS X
- Bug 21328: Updating to clang 3.8.0
- Bug 21754: Remove old GCC toolchain and macOS SDK
- Bug 19783: Remove unused macOS helper scripts
- Bug 10369: Don't use old GCC toolchain anymore for utils
- Bug 21753: Replace our old GCC toolchain in PT descriptor
- Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
- Linux
Comments
Please note that the comment area below has been archived.
When will we be able to run
When will we be able to run Snowflake bridges?
You mean when you will be
You mean when you will be able to use Snowflake? If you have Tor Browser alpha this is available on Linux only for now. The Snowflake folks are working on getting it integrated into macOS and Windows bundles as well.
Indeed it does seem that the
Indeed it does seem that the effects are pretty noticeable! Youtube is much more smoother than it used to be on earlier version! :)
Is the content process
Is the content process sandbox for Firefox 52 on Windows the same one that is used in Chromium?
Roughly, yes. Mozilla
Roughly, yes. Mozilla imports Google's code and adapts it to their needs. I am not sure whether the sandbox in Mozilla provides the same protections yet but the codebase is the same.
Thanks!
Thanks!
When I went to about:addons
When I went to about:addons and then "Get Add-ons" and I choosed uBlock to install it, it told me "Firefox blocked this site from attempting to install add-on" or something allong those lines
This doesn't happen with Tor Browser 6.5.2
You should not install any
You should not install any extra add-ons it makes it easier to fingerprint you, which in turn affects your anonymity.
Yes, but I was wondering
Yes, but I was wondering what may have caused that problem which was not found in the previous release (6.5.2).
So, I just tried with a
So, I just tried with a clean 7.0a3 on a Linux machine. I opened about:addons and entered "ublock" in the "Search all add-ons"-checkbox and installed it that way. It worked as expected. Going to a website to test whether it actually does things confirmed that. How can I reproduce your problem?
He talked about "Get
He talked about "Get Add-ons", not "Search all add-ons"-checkbox.
That does not make a
That does not make a difference for me. Does setting "extensions.logging.enabled" to "true" give you some error messages in the browser console (Ctrl+Shift+J) that explain what is going on? Is that reproducible with a clean new 7.0a3?
I retested again and this
I retested again and this issue did not appear, strange...
FF allows installing addons
FF allows installing addons from AMO & testpilot sites only. Try to install NoScript from its site, and you'll get the same error. Also the behavior of GetAddons is different for every Security Settings level (+ e10s on/off)!
I was able to install
I was able to install uBlock, but all it shows is the button to open the dashboard/settings. I can't see or use anything below enable/disable i/o button e.g. requests blocked, element picker, logger, block elements & media, etc.
Since there is no mention of
Since there is no mention of it I'd assume Thunderbird/IceW with TorBirdie is still not working in the 7.0x platform
We need Tor Mail (Bundle),
We need Tor Mail (Bundle), based on this TBB!
Why not? I think on Windows
Why not? I think on Windows it should work out of the box. On macOs and Linux we currently test unix domain sockets and I guess TorBirdy/Thunderbird need to get taught how to deal with that, yes. But I think it is reasonable to assume that this will be solved until that domain sockets feature reaches the stable channel.
Please clarify your
Please clarify your announcement about now requiring SSE2-capable processors : is it for the *browser* component only, or is it applicable to the core Tor proxy (viz, tor.exe on Windows 32 bits) ?
That's just the browser
That's just the browser component.
[NoScript HTTPS] AUTOMATIC
[NoScript HTTPS] AUTOMATIC SECURE on https://safebrowsing.google.com: NID=101=%removed_id%
Do they identify us?
About your note to Windows
About your note to Windows users: what exes do you sign? It is distributive only. No code signing found. And what could be wrong with it?
The installer, e.g.:
The installer, e.g.: https://utuhewzcso.oedi.net/torbrowser/7.0a3/torbrowser-install-7.0a3_e…. You should get a usual "downloaded-from-the-internet"-dialog with a clickable link to the Tor Project certificate details.
19:23:17.896 XML Parsing
19:23:17.896 XML Parsing Error: undefined entity
Location: jar:file:///x:/Tor%20Browser/Browser/omni.ja!/chrome/toolkit/content/mozapps/extensions/pluginPrefs.xul
Line Number 10, Column 3: 1 pluginPrefs.xul:10:3
19:23:17.932 TypeError: libLabel is null 1 PluginProvider.jsm:85:32
Very crashy on windows.
Very crashy on windows. Managed to crash it from the hamburger menu's Customize feature and crashed again when trying to post a comment on this very page. Looks like some very strong improvements otherwise, keep up the great work
crashy, hehe, that's what
crashy, hehe, that's what e10s means ;-)
Do you have steps to
Do you have steps to reproduce any of your crashes? If so, please let us know them, so we have a chance to get those issues fixed in the next (alpha) release. Thanks.
Both crashes happened within
Both crashes happened within minutes of a fresh install. I'm happy to go more in-depth, but when the crashes are that easy to experience I ponder the value of reporting when just a few minutes of experimenting with the UI and browsing around some sites such as the tor blog can provoke several. The browser totally freezed when typing a comment in the comment box of this blog, for one. Another crash I experience happened after clicking the hamburger menu, then clicking Customize, then dragging some icons to and from (and on either side of) the address bar. IIRC the crash happened after dragging the search bar off and placing it off the browser (to the dock of unused items just above the cut/copy/paste entries). I experienced another crash when opening about:config, and another crash when changing my download folder location from the Options screen. Also, many UI elements are missing throughout the browser (such as the little dots that indicate a selected option from the General section of the Options menu where the Downloads folder may be changed). Sorry if all of this is brief. I don't get any crashes in 7.0a2 or in the new 6.5.2. I greatly anticipate being able to use the new e10s features and hope a lot of this can be ironed out for 7.0a4. Platform is Win 10 64bit with creators update.
Thanks. We'll look into it
Thanks. We'll look into it and get back to you in case we have further questions. Special thanks for testing this on Windows as this is usually the platform that gets tested not so much by the developers yet we have the most users on it.
Okay, I tried quite a bit on
Okay, I tried quite a bit on my Windows 7 machine but I could not reproduce any of those crashes you are seeing. Could you give me some steps to reproduce at least some of them? Are they happening with a clean, new Tor Browser 7.0a3 (i.e. one freshly downloaded and without any modifications)?
Warning:
Warning: ‘nsIOService::NewChannel()’ deprecated, please use ‘nsIOService::NewChannel2()’ aboutTor.js:42:18
Warning: ‘nsIAboutModule->newChannel(aURI)’ deprecated, please use ‘nsIAboutModule->newChannel(aURI, aLoadInfo)’ NetUtil.jsm:357:15
There are so many changes in
There are so many changes in FPI, so could you change Torbutton's INFOs about violations of it into warnings about it?
What violations are you
What violations are you talking about? Could you give an example of what you want to see changed?
Everything that violates FPI
Everything that violates FPI and goes through catch-all or noname circuits should be logged at higher logging level of Torbutton (now it's too noisy by INFO messages).
I see. There is a bunch of
I see. There is a bunch of stuff that we'll need to disable for the next alpha I hope or latest for the stable release. Thus, I think this will get much better. Let's wait for that until we think about changing the log level.
Antivirus AVG told me TOR
Antivirus AVG told me TOR was behaving suspicuously. I hit the wrong button, lost my TOR and cannot reinstall on Win 10. Merde!
Yes, antivirus tools are bad
Yes, antivirus tools are bad news:
https://decvnxytmk.oedi.net/docs/faq#VirusFalsePositives
(I'm not saying you shouldn't use them, if you're stuck on Windows. But they're still bad news.)
*All* Sound in Linux is
*All* Sound in Linux is broken now after update, :-(
I updated from the hardend version to
"7.0a3 (based on Mozilla Firefox 52.1.0) (64-bit)"
What does `pulseaudio
What does `pulseaudio --check -v` say?
Hi, we dont use pulse audio,
Hi, we dont use pulse audio, Alsa only.
https://bugzilla.mozilla.org/
https://bugzilla.mozilla.org/show_bug.cgi?id=1247056
Complain to Mozilla about it.
Hi Yawning Yes, It looks
Hi Yawning
Yes,
It looks really bad at the moment, from the multiple bug reports and even articles on the net it seems that they are very firm on to this track now,
they do not want to listen to the users that ,without warning, lost their websound, the solution they tell is add pulseaudio and make your system bad or "then you have to switch distro" , many many of the users in this situation can or will not add on the pulseaudio-layers now,
Therefore users will probably look for another browser instead? But as far as I know noscript and more is only for firefox, so that is not an option for some users that still care not to run all kind of not so nice scripts by default.
Same on Gentoo after
Same on Gentoo after installing Pulseaudio. No more sound. Pulseaudio doesn't detect my Xonar card. All it shows is the dummy-sink.
Hmm This is probably not the
Hmm
This is probably not the optimal way to go now for security, but if mozillafox really have decided that it must use a "man in the middle", is there some other easy way to use or make a small and more secure middle-ware, that now ONLY redirects firefox audio to use alsa as normal,
and maybe even without using JACK, ..if JACK is the normal system setup..
So if our program just pretend to be pulseaudio, what happens? can we then get sound back again without having all the bloaty scary downsides with pulseaudios insecurity and the other damages to the sound quality/latency problems in our systems?
(It seems so, as kxstudio have some option to run both JACK and Pulse in parallel (?) as I understand the solutions it will always be another program layer on top of alsa and not direct to alsa as usual, But why use pulseaudio at all then? Only because of the browser.. )
so if possible (maybe it have been done already by someone?), would this "minipulse" middleman be the second best alternative after having a future "pulsefree" Firefox version?
/Cw
People that want to use
People that want to use JACK, can setup JACK as a PulseAudio source/sink.
https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User…
I mean, if you want to re-implement PulseAudio, go nuts I guess. I'm personally happier that Firefox can't write to /dev/snd/*, but maybe that's just me.
Hi, sorry I dont know much
Hi,
sorry I dont know much about that problem with firefox,
is that "worse" than a possible memory and audio-snooping trough pulseaudio?
But the point was more from a security perspective, as I see it.
How to get rid of as much unknown software in the middle as possible.
Not to install truckloads more of them :-)
/ Cw
I can't download files
I can't download files throguh TOR in this version. The page gets blank before asking to save file, then I get the "window crashed" warning (and ALL windows actually crash).
Keep an eye on
Keep an eye on https://bugs.torproject.org/21766
Here is the popup-link with
Here is the popup-link with all the info about the latest Tor-updates no sound-problem:
https://support.mozilla.org/1/firefox/52.1.0/Linux/en-US/fix-common-aud…
That page is actually broken…
That page is actually broken: https://bugzilla.mozilla.org/show_bug.cgi?id=1345439. Just in case someone was wondering...
THX alot for all your work!
THX alot for all your work! :-)
Unfortunately, the latest TBB (tor-browser-linux64-7.0a3_en-US.tar) crashes immediately when clicking in the addons-page on, for example, 'get-addons' or 'appearance'.
System: Fedora 25, (kernel 4.10.10-200.fc25.x86_64)
Is this with the security
Is this with the security slider set to high?
Keep an eye on https://bugs.torproject.org/21962
yes it is!
yes it is!
DOJ CIA AND FBI WANTS TO
DOJ CIA AND FBI WANTS TO TAKE DOWN WIKILEAKS! WIKILEAKS EXPOSED CORRUPT GOVERNMENT! GOVERNMENT IS HIGHLY CORRUPT! RELEASED INFO IS JUST SCRATCHING THE SURFACE!
Report: DOJ Prepares Charges Against WikiLeaks, Assange
Charges could include theft of government property, conspiracy or violations of the Espionage Act
https://wikileaks.org/
[04-21 13:03:43] Torbutton
[04-21 13:03:43] Torbutton INFO: tor SOCKS: https://duckduckgo.com/favicon.ico via
duckduckgo.com:2467dcceb919f0e420f0238f35125055
[04-21 13:03:43] Torbutton INFO: tor SOCKS: https://noscript.net/noscript.ico via
--unknown--:2980d224968e92fc76c9654c3cab5ff3
[04-21 13:03:43] Torbutton INFO: tor SOCKS: https://trac.torproject.org/images/favicon.ico via
--unknown--:2980d224968e92fc76c9654c3cab5ff3
SSL Observatory WARN: Failed
SSL Observatory WARN: Failed to initialize NSS component:Error: couldn't find function symbol in library
14:29:36.196 TypeError:
14:29:36.196 TypeError: categories.setAttribute is not a function 1 preferences.js:76:7
init_all/< chrome://browser/content/preferences/in-content/preferences.js:76:7
On macOS Sierra, when I open
On macOS Sierra, when I open 7.0a3, I get a warning about my window being in full screen, even though it's not in full screen. I have version 6 installed, and I'm opening version 7 directly from the .dmg
You're not supposed to run
You're not supposed to run any of them directly from the DMG:
https://bugs.torproject.org/21445
OK, well, that should
OK, well, that should definitely be made clear. I was under the assumption it was self-contained and I could run it from anywhere
thanks for the update! great
thanks for the update! great work!
When "Save Link
When "Save Link As..."
[04-22 17:46:39] Torbutton INFO: New domain isolation for --unknown--: 58dc48b1e371d4881a82551e1b70600a
[04-22 17:46:39] Torbutton INFO: tor SOCKS: https://noscript.net/getit#devel via
--unknown--:58dc48b1e371d4881a82551e1b70600a
Any news regarding Orfox,
Any news regarding Orfox, I.e. TOR browser for android? It hasn't received any updates for several months, which makes me worried about its security. I use it nearly for all my browsing.
nice but I have a question:
nice but I have a question: when I go to the settings I can't mark any options. I only see blank squares but can't mark them when I click on them. why?
I guess you have set the
I guess you have set the security slider to "high"? In that case you are hitting https://bugs.torproject.org/21962 which we are about to fix.
Yes I have It on "High".. so
Yes I have It on "High".. so It is normal? does Tor browser controls that settings by Its own?
No. What you see is kind of
No. What you see is kind of collateral damage done by bug 21962. It will be fixed in the next alpha release.
Phishing with Unicode
Phishing with Unicode Domains
https://www.xudongz.com/blog/2017/idn-phishing/
dign the wide window it
dign the wide window it almost fits this netbook. Now if it could just be nudged north a little :) BTW all is working good here so far...cept ofcourse sound.
18:03:21.677 TypeError:
18:03:21.677 TypeError: realSpellChecker is null 1 InlineSpellCheckerContent.jsm:55:5
Same issues from 6.5a2
Same issues from 6.5a2 returned, which dcf created ticket #19837 for. dcf said it was about experimenting with #19273.
Thanks for the report. How
Thanks for the report. How do I reproduce your problem? I tested with a 7.0a3 on Windows and Linux following the links dcf mentioned in the description of #19837. Both loaded fine for me. Does this happen with a clean and freshly downloaded 7.0a3?
Seems he means SVG elements
Seems he means SVG elements don't show in AV controls.
I didn't know when comments
I didn't know when comments close so I guess I rushed; I haven't really had the chance to play around with this release yet. I'll try a fresh install in a few days. I used the same wired router to send in our taxes from another machine, and when I connected this one again there were strange requests through ports, Ru malware that kept respawning in different places, drivers & registry keys screwed with, firewall & security software disabled, MBAM not working.It's been a headache that I've been trying to sort out for over a week now. I've had to run a number of system restores and update TB in addition to other programs so I'll just assume for now that that's the likely cause of my issues. I'll let you know if it's still happening after a clean install.Thanks for taking the time to respond.
problem was an extension to
problem was an extension to an add-on; DTA anti-container. removed it, and now works fine.
Flashgot too
Flashgot too
11:42:03.229 Error: Callback
11:42:03.229 Error: Callback received for bad URI: [xpconnect wrapped nsIURI] 1 permissions.js:231:11
onIndexedDBUsageCallback chrome://browser/content/pageinfo/permissions.js:231:11
What did you do with
What did you do with https://www.fxsitecompat.com/en-CA/index.xml?
Nothing. What's the issue
Nothing. What's the issue with it?
Compare with 6.5.2
Compare with 6.5.2
I did. It looks the same on
I did. It looks the same on my Linux box. So, again, what is the problem you are seeing? And how can I reproduce it?
security slider on medium
security slider on medium
Error: Timed out while
Error: Timed out while waiting for data
Stack trace:
whenDataAvailable/timer<@chrome://devtools/content/netmonitor/netmonitor-view.js:1216:21
netmonitor-view.js:241:9
NetMonitorView.showNetworkStatisticsView/< chrome://devtools/content/netmonitor/netmonitor-view.js:241:9
TaskImpl.prototype._run resource://devtools/shared/task.js:312:39
Handler.prototype.process resource://gre/modules/Promise-backend.js:935:21
this.PromiseWalker.walkerLoop resource://gre/modules/Promise-backend.js:813:7
this.PromiseWalker.scheduleWalkerLoop/< resource://gre/modules/Promise-backend.js:747:11
A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.jsm/Promise
Date: Wed Apr 26 2017 12:10:18 GMT+0000 (UTC)
Full Message: TypeError: inspector is undefined
Full Stack: nsContextMenu.prototype.inspectNode/<@chrome://browser/content/nsContextMenu.js:576:11
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:932:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:813:7
this.PromiseWalker.scheduleWalkerLoop/<@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
20:16:17.413 A promise chain
20:16:17.413 A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.j…
Date: Wed Apr 26 2017 20:16:10 GMT+0000 (UTC)
Full Message: TypeError: inspector.selection is undefined
Full Stack: nsContextMenu.prototype.inspectNode/<@chrome://browser/content/nsContextMenu.js:576:11
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:932:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:813:7
this.PromiseWalker.scheduleWalkerLoop/<@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
1 nsContextMenu.js:576
15:57:31.795 A promise chain
15:57:31.795 A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.j…
Date: Thu Apr 27 2017 15:57:11 GMT+0000 (UTC)
Full Message: TypeError: elem.ownerGlobal is null
Full Stack: PageInfoListener.getMediaItems@chrome://browser/content/content.js:1164:9
PageInfoListener.processFrames@chrome://browser/content/content.js:1144:26
TaskImpl_run@resource://gre/modules/Task.jsm:319:42
1 content.js:1164
Why is exact TBB version
Why is exact TBB version still detectable by the site?
By which site?
By which site?
https://browserprint.info TBB
https://browserprint.info
TBB 7.0a3 on Win 7.
Maybe because it is easy to
Maybe because it is easy to detect that you are using Tor Browser and 7.0a3 is the only one so far using ESR52?
It can't detect version when
It can't detect version when visiting from Win XP, so I'm a bit worried.
where can i search through
where can i search through tor
Did Cl0udflare change how it
Did Cl0udflare change how it handles Tor recently? In the previous alpha release, Cl0udflare-hosted sites seemed to work flawlessly and I rarely had to solve captchas. However, over the past month or two, I've had to contend with the dreaded "Attention Required" page on nearly every site again. It seems like the issues w/ Cl0udflare have gotten worse than they were last year.
I am also seeing fewer
I am also seeing fewer captchas recently.
I'm seeing two Tor Browser
I'm seeing two Tor Browser processes simultaneously in Win Task Manager. Only a single application running, but two firefox.exe *32.[Is this how e10s would appear & would multiprocessing FF be a likely reason why some add-ons are not working as expected?]The second process appears after Tor connects to the network, as the browser is loading, just prior to About:tor displaying as the home page. Right after this, the 2nd process disappears, but comes back the moment I do anything outside of the home page, About:*, or options; if I search, load a locally stored file, or anything else, the 2nd firefox.exe *32 process appears.If I go back to the previous page i.e. the home page, I get a 'Problem Loading Page' tab, & a warning message stating 'The address isn't valid...' If I reload the About:tor page after closing the other tabs then the 2nd firefox.exe * 32 disappears again.[Again, just wondering if this is how Electrolysis child processes appear & if the compatibility of some FF add-ons would be affected.]
Yes, I think you describe
Yes, I think you describe the e10s behavior. I am not sure about your add-on issues, though, because Tor Browser, as Firefox is supposed to do, should fall back to e10s being disabled once it encounters an extension that is not compatible with it. But maybe those extensions you have are falling through the cracks? How can I reproduce your problems?
Yes, the issue with going back to about:tor is known: see: https://trac.torproject.org/projects/tor/ticket/21948.
Mozilla solved the problem
Mozilla solved the problem in Firefox 57, hehe
OK, well the minor issues
OK, well the minor issues seemed to be identical to what I experienced in 6.5a2; see: comment tree from Reply #1199 on the 6.5a2 blog post where dcf created ticket #19837.Around a week ago I think my browser's support page said that multiprocess windows were disabled, probably because the add-ons were incompatible with e10s like you described. They're enabled now, and I assume have been since I removed the add-ons last week. They were DTA AntiContainer & Flashgot.Just to be clear, TB seems to be working fine and I only experienced the issue with those particular add-ons installed. I guess I'll just have to wait for the developers of those extensions to re-write them to be compatible with the WebExtensions API.Thank you for your time, gk.
Prefixed WebGL is not
Prefixed WebGL is not disabled?
What do you mean? FWIW: We
What do you mean? FWIW: We are still auditing WebGL2 and depending on how it goes we might need to disable all related features. https://trac.torproject.org/projects/tor/ticket/16404 tracks that task.
I mean NoScript disables
I mean NoScript disables WebGL (v2 too), but not prefixed version.
https://html5test.com shows
https://html5test.com shows that Tor Browser doesn't support Content Security Policy 1, but Firefox does.
Works for me if I am on the
Works for me if I am on the low security level.
on Windows?
on Windows?
Yes, on Windows as well.
Yes, on Windows as well.
I've tested on different
I've tested on different machines, and the result is the same:
Security
21/32
Web Cryptography API
Yes ✔
Content Security Policy 1
No ✘
Content Security Policy 2
No ✘
18:00:37.221 Can not
18:00:37.221 Can not decrement crashed tab count to below 0 1 ContentCrashHandlers.jsm:488
onAboutTabCrashedUnload resource:///modules/ContentCrashHandlers.jsm:488:7
this.TabCrashHandler.receiveMessage resource:///modules/ContentCrashHandlers.jsm:155:9
bound self-hosted:915:17
MessageListener.prototype.callListeners resource://gre/modules/RemotePageManager.jsm:35:9
RemotePages.prototype.portMessageReceived resource://gre/modules/RemotePageManager.jsm:111:5
bound self-hosted:915:17
MessageListener.prototype.callListeners resource://gre/modules/RemotePageManager.jsm:35:9
ChromeMessagePort.prototype.observe resource://gre/modules/RemotePageManager.jsm:320:3
NoScript seems to have slown
NoScript seems to have slown down Tor Browser very often. When this happens, the slowdown is generally noticeable.
Full name: {73a6fe31-595d-460b-a920-fcc0f8843232}.
Impact on framerate: 0 high-impacts, 46 medium-impact (5 alerts).
CPU usage: 1% (total 1646093ms).
System usage: 1% (total 109350ms).
13:12:41.534 Unknown source
13:12:41.534 Unknown source for one-off search: header 1 BrowserUsageTelemetry.jsm:286
recordSearch resource:///modules/BrowserUsageTelemetry.jsm:286:15
BrowserSearch.recordOneoffSearchInTelemetry chrome://browser/content/browser.js:3856:7
handleSearchCommandWhere chrome://browser/content/search/search.xml:401:15
handleOneOffSearch chrome://browser/content/search/search.xml:966:11
handleSearchCommand chrome://browser/content/search/search.xml:1675:11
onxblclick chrome://browser/content/search/search.xml:1041:9
Torbutton INFO: The
Torbutton INFO: The DataTransfer is available
when I select text
That should be okay, see
That should be okay, see https://trac.torproject.org/projects/tor/ticket/21741.
Select is not drag'n'drop,
Select is not drag'n'drop, or you are saying Firefox tries to do something in either case?
I was assuming that you
I was assuming that you somehow dragged the selected text by accident. How are you selecting the text and on which platform does this happen?
If you selecting by clicking
If you selecting by clicking your mouse, nothing happens. But if you press the left button and move your mouse, then that message appears after releasing the button. This happens on Windows with e10s only.
Thanks. I looked with
Thanks. I looked with Wireshark in parallel while seeing the log message in the console and this seems to be harmless (i.e. no DNS or IP address leaks).
ftp://ftp.adobe.com/pub/adobe
ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.20/misc/
Generally awful
and also REMOTE_REASON=CONNECTREFUSED seems to be handled incorrectly (endless loading)
I know it is not officially
I know it is not officially recommended to install extra Addons or modify the browser from its original state. But if you do install extra Addons, it extremely slows down 7.0a3. Startup takes like 10 seconds more and during use the browser freezes sometimes for many seconds.
How to recreate the problem:
- Install an Addon for example: uBlock Origin or uMatrix
- You will experience the symptoms during installation and after restarting the browser
-> Browser freezes, Startup takes abnormaly long
On which platform does this
On which platform does this happen?
Both Windows and Linux, same
Both Windows and Linux, same issue on different PCs and also in a virtual machine
So should not be related to OS or hardware. Also original Firefox 52ESR does NOT have this issue.
Weird. I just tested it on
Weird. I just tested it on my Windows 7 testing machine and I don't see any differences after installing ublock origin. If you have error messages that might be relevant I'd like to see them. Also, does this happen with a clean, new 7.0a3?
TypeError: top is null[Learn
TypeError: top is null[Learn More] utilityOverlay.js:50:1
An error occurred executing the consoleCmd_openURL command: [Exception... "[JavaScript Error: "top is null" {file: "chrome://browser/content/utilityOverlay.js" line: 50}]'[JavaScript Error: "top is null" {file: "chrome://browser/content/utilityOverlay.js" line: 50}]' when calling method: [nsIController::doCommand]" nsresult: "0x80570021 (NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS)" location: "JS frame :: chrome://global/content/globalOverlay.js :: goDoCommand :: line 100" data: yes] globalOverlay.js:103
goDoCommand chrome://global/content/globalOverlay.js:103:5
oncommand chrome://devtools/content/webconsole/webconsole.xul:1:1
This version of TBB corrupts
This version of TBB corrupts HSTS headers sometimes (as this site provides correct headers):
15:09:00.400 Strict-Transport-Security: The site specified a header that could not be parsed successfully. 1 tor-browser-70a3-released
(found on Windows, e10s)
Which site do you mean with
Which site do you mean with "this site"? What makes you think Tor Browser is doing that?
"this site" in the log
"this site" in the log https://vbdvexcmqi.oedi.net/blog/tor-browser-70a3-released
I checked the headers, they are OK, but TBB couldn't parse them.
In regular Firefox you can
In regular Firefox you can drag a link from the url bar to the desk top. Please turn this on in Tor-browser
But that may easily result…
But that may easily result in DNS requests bypassing Tor which we don't want. See: https://trac.torproject.org/projects/tor/ticket/4517.
http://download.cnet.com/Auto
http://download.cnet.com/AutoPatcher-Updater/3000-2094_4-95445.html
scripts don't work on a page even after temporarily enabled (check '+' items) on Medium or High.
09:14:58.079
09:14:58.079 req.getResponseHeader is not a function chrome://noscript/content/Main.js:1639:0
Latest NoScript breaks
Latest NoScript breaks http://www.catalog.update.microsoft.com/ErrorInline.aspx with
TypeError: cyclic object value Main.js:1633:1
[Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: chrome://noscript/content/Main.js :: unserializeReqData :: line 1639" data: no] Main.js:1641:0