Tor users who use the Tor browser on Linux or Mac OS X devices may want to update the program to version 7.0.9 as soon as possible to plug a potential IP leak in the client software.
Tor browser is a cross-platform browser based on Firefox code that integrates the Tor anonymization network. The browser features several privacy- and security-related tweaks, some of which are or have been integrated in Firefox recently as well (for instance Canvas use notifications).
Tor Browser users on Mac or Linux devices can download the new browser version from the official Tor Project website. Please note that version 7.0.9 has been released only for those operating systems; the Windows version of Tor browser is still at version 7.0.8 as it is not affected by the potential IP leak issue.
A new blog post on the official Tor Project blog reveals information about the issue. The issue is caused by a bug in Firefox's handling of file:// URLs according to the announcement.
"This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser."
Users of Tails and users of the sandboxed Tor browser are not affected by the issue.
The fix may impact file:// URL functionality in the Tor browser. The Tor development team notes that "entering file:// URLs in the URL bar and clicking on resulting links is broken" after the update is installed, and that opening those in a "new tab or new window" does not work anymore either. Affected users can drag the link into the URL bar or onto a tab instead as a workaround.
The development team tracks these regressions, and it seems likely that fixes will be released in a future version of the Tor browser to address those.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.