Security News

Mozilla this week announced improved user privacy in Firefox 86, with the introduction of a new feature aimed at preventing the tracking of users from site to site. Called Total Cookie Protection and built into Enhanced Tracking Protection Strict Mode, the new feature was designed to confine cookies to the websites that created them, and complements the Supercookie Protections that Mozilla introduced in Firefox 85 last month.

Mozilla Firefox 86 was released today with Total Cookie Protection, a new privacy feature that prevents web trackers from keeping tabs on your activity while browsing the web. With the release of Firefox 86, all other Firefox development branches have also moved up a version bringing Firefox Beta to version 87, and the Nightly builds to version 88.

An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution. In its advisory for the vulnerability - the bug currently does not have a CVE identifier - Mozilla described it as a "Buffer overflow in depth pitch calculations for compressed textures." The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro's Zero Day Initiative, apparently only impacts Firefox running on Windows - other operating systems are not affected.

Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser. Last month, BleepingComputer reported that a bug in Windows 10 and Windows XP allows non-privileged users to mark an NTFS volume as dirty.

Mozilla this week announced further improvements to user privacy in Firefox, through the isolation of network connections and caches, thus essentially cracking down on supercookies. Specifically, Firefox 85 is arriving with an updated network architecture, where network connections and caches are isolated to the website being visited.

Mozilla Firefox 85 was released today with supercookie protection to block hidden trackers from tracking Firefox users' activity while browsing the Internet. Windows, Mac, and Linux desktop users can upgrade to Firefox 85 by going to Options -> Help -> About Firefox.

Mozilla is strengthening the privacy protections in Firefox with the implementation of Encrypted Client Hello, an evolutionary step from Encrypted Server Name Indication. In 2018, just after Cloudflare turned on Encrypted SNI, Mozilla added support for encrypting the Transport Layer Security SNI extension to Firefox Nightly.

Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software. The Mozilla Firefox vulnerability is separate from a bug reported in Google's browser engine Chromium, which is used in the Google Chrome browser and Microsoft's latest version of its Edge browser.

Mozilla Firefox is disabling the browser's backspace key to prevent users from accidentally losing data typed into forms. In 2014, Google removed the ability to go back to a previous page by using the backspace key as it could cause the loss of data entered into forms on the current page.

A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The specific critical bug in Firefox was also highlighted earlier this month in Google's Chrome browser security update, where it was rated as a high-severity flaw.