What's in the latest Firefox update? 88 stymies shifty JavaScript tracker

Mozilla continues to push privacy protections in Firefox 88, preventing the window.name property from leaking data across sites.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Page 2
Page 2 of 28

Firefox 87

Mozilla on Tuesday updated Firefox to version 87, adding a new privacy feature designed to automatically fix websites impaired by the browser's aggressive anti-tracking defenses.

The organization's security engineers also patched eight vulnerabilities, only two of which were labeled as "High," Firefox's second-most-serious label. It was the second version of Firefox without a top-ranked "Critical" bug.

Firefox 87 can be downloaded for Windows, macOS and Linux from Mozilla's site. Because Firefox updates in the background, most users can relaunch the browser to install the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." (On macOS, "About Firefox" can be found under the "Firefox" menu.) The resulting page or pop-up shows that the browser is already up to date or displays the refresh process.

Mozilla upgrades Firefox every four weeks; the last refresh was on Feb. 23.

Stand-in scripts mitigate anti-tracking problems

"SmartBlock" is easily the most significant addition to Firefox 87.

"Introducing a policy that outright blocks trackers on the web inevitably risks blocking components that are essential for some websites to function properly," Thomas Wisniewski, web compatibility engineer, said in a March 22 post to the Mozilla security blog. "This can result in images not appearing, features not working, poor performance, or even the entire page not loading at all."

Mozilla has been clear about the trade-offs made when anti-tracking defenses are dialed up to 11: The company has regularly warned users that setting Firefox's Enhanced Tracking Protection to "Strict," the most aggressive option, "may cause some websites to not display content or work correctly."

SmartBlock looks to address this downside by sliding dummy scripts into sites to replace those blocked by the tracking defenses. Those scripts, Wisniewski contended "behave just enough like the original ones to make sure that the website works properly." The stand-in scripts thus let the previously-broken sites load properly — blocked scripts sometimes make websites pause or slow rendering — and function as they would if they'd not been touched.

These doppelgängers, Wisniewski continued, are bundled with Firefox — they're not loaded from a third-party source, in other words — and, of course, don't behave exactly like the barred scripts, in that they certainly don't track the user from site to site across the web.

SmartBlock will be a multi-edition project for Mozilla, according to Wisniewski. Firefox 87, he said, includes stand-ins for "a number of common scripts classified as trackers on the Disconnect Tracking Protection List," referring to the source Mozilla uses to identify trackers. Those in version 87 "are just the start" with more to be provided "in upcoming versions of Firefox," Wisniewski concluded.

The new feature is enabled when the user enters Firefox's Private Browsing mode and when Enhanced Tracking Protection is set to "Strict."

Stripping referrers

Also new to Firefox 87, Mozilla switched to a default policy that strips out potential tracking information from the referrer, the location at which the browser was just prior to the current site or page.

Absent instructions, a browser will typically tell the destination server where it was last at, in essence where it came from. Firefox 87 now trims this URL from its full path to the domain only, thus removing a large amount of the granularity trackers might provide, say, advertisers about what a user's browser last rendered.

"Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience," said Dimi Lee and Christoph Kerschbaumer, software development engineer and Firefox security infrastructure engineering manager, respectively, in a March 23 post to the Mozilla security blog.

Elsewhere in Firefox 87, Mozilla added tick marks to the scrollbar to denote instances of an executed "Find in This Page" command. The marks, however, are very faint and while not distracting are hard to see at anything close to a glance. Firefox also now supports the macOS native screen reader, VoiceOver.

The next version, Firefox 88, will be released April 20.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Page 2
Page 2 of 28
Shop Tech Products at Amazon