Tor Browser 9.0.7 Update Released
A new version of Tor Browser, 9.0.7, is now available. Tor Browser is designed to provide anonymity, security, and privacy by routing all traffic exclusively through the Tor network. It is not possible to connect directly through the system’s standard network connection, which prevents tracking of the user’s real IP address. However, if the browser is compromised, attackers may gain access to system network settings. For complete protection against potential leaks, it is recommended to use additional tools such as Whonix.
Tor Browser is available for Linux, Windows, macOS, and Android.
What’s New in Version 9.0.7
- Component Updates: This release updates Tor to version 0.4.2.7 and NoScript to version 11.0.19, both of which address security vulnerabilities.
- Tor Security Fix: A DoS vulnerability in Tor was fixed that previously allowed attackers to overload the CPU by targeting Tor directory servers under their control.
- NoScript Security Fix: An issue was resolved in NoScript that allowed JavaScript code execution in “Safest” mode via redirection to a “data:” URI.
- Additional JavaScript Protection: Developers have added extra protection in “Safest” mode by automatically disabling JavaScript at the
javascript.enabledsetting inabout:config. This change prevents the use of NoScript’s whitelist to selectively override “Safest” mode. To restore the previous behavior, users can manually change thejavascript.enabledvalue.
Once the Tor developers are confident that all loopholes in NoScript for bypassing “Safest” mode are closed, this additional protection may be removed.