Firefox for Android gets critical update to block cookie-stealing hole
2021-05-06 13:53

The bug listed here is what's known as a Universal Cross-site Scripting vulnerability, which means it's a way for attackers to access private browser data from website X while you are browsing on booby-trapped website Y. That's definitely not supposed to happen.

Your browser is supposed to stop data such as cookies "leaking" between websites, or else site Y could peek at data such as your login details for site X, and abuse that site-specific data to masquerade as you on site X and hijack your account.

Browsers are supposed to enforce the aptly-named Same Origin Policy, or SOP, whereby locally-saved web data is locked down so it can only be read back in later on by the same website that saved it in the first place.
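The isolation described above, as an added example that is not part of the original article: a toy model of origin-keyed storage, where an origin is the (scheme, host, port) triple. The hosts x.example and y.example stand in for site X and site Y, and the token is constructed; real cookies also have their own domain and path scoping, which this model leaves out.

```javascript
// Toy model of Same Origin Policy storage isolation (illustrative, not browser code).
// An origin is scheme + host + port; URL.origin normalises default ports.
function originOf(url) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error("unsupported scheme: " + u.protocol);
  }
  return u.origin; // "https://x.example:443/a" -> "https://x.example"
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Saved data lives in one bucket per origin; reads only see the caller's bucket.
class OriginStore {
  constructor() {
    this.byOrigin = new Map();
  }
  save(pageUrl, key, value) {
    const origin = originOf(pageUrl);
    if (!this.byOrigin.has(origin)) this.byOrigin.set(origin, new Map());
    this.byOrigin.get(origin).set(key, value);
  }
  read(pageUrl, key) {
    const bucket = this.byOrigin.get(originOf(pageUrl));
    return bucket ? bucket.get(key) : undefined;
  }
}

// Site X saves a session value; pages on other origins then try to read it back.
function demo() {
  const store = new OriginStore();
  store.save("https://x.example/login", "session", "constructed-token");
  return {
    samePage: store.read("https://x.example/account", "session"),
    defaultPort: store.read("https://x.example:443/", "session"),
    otherSite: store.read("https://y.example/", "session"),
    downgraded: store.read("http://x.example/", "session"),
    subdomain: store.read("https://sub.x.example/", "session"),
  };
}
```

A Universal Cross-site Scripting bug is a failure of this check inside the browser itself, so a read from site Y's origin ends up served out of site X's bucket.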

So this is definitely an update you want if you use Firefox on Android.

To all the browser makers out there, we'd like to ask, "Please will you make it easier for us and our readers to match up the browser version numbers on our mobile phones with the release notes that we rely upon for our laptops and desktops?"

The 88.0.1 release includes a second security patch, dubbed CVE-2021-29952 and rated High, that fixes a bug that no one has figured out how to exploit yet, but that someone might yet work out how to "weaponise" to implant malware.


News URL

https://nakedsecurity.sophos.com/2021/05/06/firefox-for-android-gets-critical-update-to-block-cookie-stealing-hole/

Related vendor

| VENDOR | LAST 12M #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Android | 4 | 0 | 17 | 2 | 0 | 19 |