Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Firefox 63 Blocks Tracking Cookies

Firefox 63 was released on Tuesday with a new cookie policy meant to prevent cross-site tracking by effectively blocking cookies and other site data from third-party tracking resources.

Firefox 63 was released on Tuesday with a new cookie policy meant to prevent cross-site tracking by effectively blocking cookies and other site data from third-party tracking resources.

The move was announced in August, when the feature entered the initial testing phase. Now, all desktop versions of Firefox include the experimental cookie policy that not only protects against cross-site tracking, but also aims to minimize site breakage associated with traditional cookie blocking.

The new policy was added as part of the Enhanced Tracking Protection feature, which represents Mozilla’s new effort to protect users from being tracked across the websites they access.

“We aim to bring these protections to all users by default in Firefox 65,” Mozilla says.

The new policy effectively blocks domains classified as trackers from accessing the storage on the user’s device. Thus, such domains cannot access or set cookies or other site data when loaded in a third-party context.

Trackers are also blocked from accessing other APIs that could allow them to communicate cross-site, such as the Broadcast Channel API. Firefox uses the Tracking Protection list maintained by Disconnect to know which domains are classified as trackers.

Blocking third-party cookies may break websites, especially if the sites integrate third-party content. To prevent issues, Mozilla added heuristics to Firefox to automatically grant time-limited storage access under certain conditions. Such permissions are added on a site-by-site basis, and only for access to embedded content that receives user interaction.

More structured access will be available through a Storage Access API that is now implemented in Firefox Nightly for testing. Also implemented in Safari, the API is a proposed addition to the HTML specification. It allows trackers to explicitly request storage access when loaded in a third-party context.

Advertisement. Scroll to continue reading.

To enable the new policy in Firefox, users should go to Options > Privacy & Security and select Third-Party Cookies in the Content Blocking section, then select Trackers (recommended). Users, however, can still take advantage of Tracking Protection to block all tracking loads. They simply need to set All Detected Trackers to Always.

Firefox 63 was also released with patches for 14 vulnerabilities, including two memory safety bugs rated “critical severity.” Additionally, it addressed three high risk bugs, four medium severity issues, and 5 low risk flaws.

The new browser release was also supposed to completely remove trust in Symantec certificates but, after learning that over 1% of the top 1,000,000 websites still use such certificates, Mozilla decided to delay the move.

Related: Firefox Drops Support for Windows XP

Related: Mozilla Delays Distrust of Symantec Certificates

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem