Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Firefox 65 Brings Improved Privacy Protections

Mozilla this week released the stable version of Firefox 65 with privacy protection improvements, patches, and other security enhancements inside. 

Mozilla this week released the stable version of Firefox 65 with privacy protection improvements, patches, and other security enhancements inside. 

The browser has been offering content blocking settings to users for some time, allowing them to control online trackers as part of the Enhanced Tracking Protection feature that was included in Firefox 63

The goal at the time was to make the protections available to all users in Firefox 65, but Mozilla now says it plans to run a few more experiments before rolling the feature out-by-default. 

However, the organization did include a redesigned content blocking section (in the site information panel) in the new application release, so as to provide users with information on what Firefox detects and blocks on each visited website.

“As a result of some of our previous testing, we’re happy to announce a new set of redesigned controls for the Content Blocking section in today’s Firefox release where users can choose their desired level of privacy protection,” Mozilla’s Nick Nguyen notes in a blog post

The redesigned Content Blocking section now allows users to opt in to one of the three distinct choices available for them: standard, strict, and custom.

The first option, Nguyen says, is for those who want to “set it and forget it,” and by default blocks known trackers in Private Browsing Mode (in the future, it will also block Third Party tracking cookies). 

The second option blocks known trackers in all Firefox windows and is meant for those who want additional protection and don’t mind if sites break. 

Advertisement. Scroll to continue reading.

People looking for complete control over what trackers and cookies they want to block can choose the third option. They can choose to block in Private Windows or All Windows, and can also select the list of trackers (basic or strict) and cookies to block. 

Firefox 65 also improves the security of macOS, Linux, and Android users through stronger stack smashing protections that have been enabled by default for all platforms (in stack smashing attacks actors corrupt or take control of a vulnerable program). 

The pop-up blocker in Firefox has been improved as well, so as to prevent multiple pop-up windows from being opened by websites at the same time.

Additionally, Firefox 65 includes patches for 7 vulnerabilities, three of which have a Critical severity rating. Three other are considered High risk, while the last one has a Medium severity. 

The Critical flaws include a use-after-free while parsing an HTML5 stream in concert with custom HTML elements (CVE-2018-18500), memory safety bugs in Firefox 64 (CVE-2018-18502), and memory safety bugs in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501).

The High severity bugs include CVE-2018-18503 (memory corruption with Audio Buffer), CVE-2018-18504 (memory corruption and out-of-bounds read of texture client buffer), and CVE-2018-18505 (privilege escalation through IPC channel messages – the result of an earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079).

Mozilla also addressed CVE-2018-18506, a vulnerability where a Proxy Auto-Configuration file can define localhost access to be proxied when proxy auto-detection is enabled. This could “allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing,” Mozilla notes in an advisory

Related: Firefox 63 Blocks Tracking Cookies

Related: Firefox 69 to Disable Adobe Flash by Default

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.