What’s in the latest Firefox update? 88 stymies shifty JavaScript tracker


Mozilla this week refreshed Firefox by releasing version 88, adding yet another anti-tracking defense, this one set up to stymie abuses of the JavaScript variable window.name.

The company’s developers also patched 13 vulnerabilities, five of them labeled “High,” Firefox’s second-most-serious label. “We presume that with enough effort this could have been exploited to run arbitrary code,” Mozilla noted in three of the five. None were marked “Critical.”

Firefox 88 can be downloaded for Windows, macOS, and Linux from Mozilla’s site. Because Firefox updates in the background, most users can relaunch the browser to install the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose “About Firefox.” (On macOS, “About Firefox” can be found under the “Firefox” menu.) The resulting page or pop-up shows that the browser is already up to date or displays the upgrade process.

Mozilla upgrades Firefox every four weeks; the last refresh was on March 23.

Leakage around the window.name

Easily the most notable change in Firefox 88 was this one, which Mozilla characterized as “a new protection against privacy leaks” designed so that “trackers are no longer able to abuse the window.name property to track users across websites.”

The window.name JavaScript variable can store any data the site desires, and because it has largely been exempt to browsers’ policies designed to block sites from sharing data, they have been abused by advertisers to track users’ movements around the web. “Tracking companies … have effectively turned it into a communication channel for transporting data between websites,” Mozilla contended. “Worse, malicious sites have been able to observe the content of window.name to gather private user data that was inadvertently leaked by another website.”



Source link