What's Happening?
Researchers have identified a vulnerability in Firefox that could allow threat actors to fingerprint users, even in Private Browsing mode. This issue also affects the Tor browser, which is based on Firefox. The vulnerability, tracked as CVE-2026-6770, involves the IndexedDB browser API, which stores structured data on the client side. Firefox uses internal UUID mappings for IndexedDB database names, and the order of these databases remains consistent across different sites while the same browser process is running. This consistency allows unrelated sites to link a user's activity across domains without cookies or shared storage. Mozilla has addressed this issue with the release of Firefox 150, assigning it a 'medium severity' rating. The Tor Project has also implemented the patch in its latest browser update.
Why It's Important?
The vulnerability poses a significant privacy risk, particularly for users relying on Firefox's Private Browsing mode or Tor's anonymity features. By allowing websites to link user sessions, the flaw undermines the privacy protections these browsers are designed to provide. This could have broader implications for user trust in these browsers, especially among those who prioritize privacy and anonymity online. The patch by Mozilla and the Tor Project is crucial in maintaining user confidence and ensuring that these browsers continue to offer robust privacy protections.
What's Next?
With the patch now available, users are encouraged to update their browsers to the latest versions to protect against potential exploitation. It is likely that Mozilla and the Tor Project will continue to monitor for any further vulnerabilities and work on enhancing their privacy features. Users and privacy advocates will be watching closely to see how these browsers address any future security challenges.












