Firefox 65 Brings Improved Privacy Protections

Mozilla this week released the stable version of Firefox 65 with privacy protection improvements, patches, and other security enhancements inside. 

The browser has been offering content blocking settings to users for some time, allowing them to control online trackers as part of the Enhanced Tracking Protection feature that was included in Firefox 63. 

The goal at the time was to make the protections available to all users in Firefox 65, but Mozilla now says it plans to run a few more experiments before rolling the feature out-by-default. 

However, the organization did include a redesigned content blocking section (in the site information panel) in the new application release, so as to provide users with information on what Firefox detects and blocks on each visited website.

“As a result of some of our previous testing, we’re happy to announce a new set of redesigned controls for the Content Blocking section in today’s Firefox release where users can choose their desired level of privacy protection,” Mozilla’s Nick Nguyen notes in a blog post. 

The redesigned Content Blocking section now allows users to opt in to one of the three distinct choices available for them: standard, strict, and custom.

The first option, Nguyen says, is for those who want to “set it and forget it,” and by default blocks known trackers in Private Browsing Mode (in the future, it will also block Third Party tracking cookies). 

The second option blocks known trackers in all Firefox windows and is meant for those who want additional protection and don’t mind if sites break. 

People looking for complete control over what trackers and cookies they want to block can choose the third option. They can choose to block in Private Windows or All Windows, and can also select the list of trackers (basic or strict) and cookies to block. 

Firefox 65 also improves the security of macOS, Linux, and Android users through stronger stack smashing protections that have been enabled by default for all platforms (in stack smashing attacks actors corrupt or take control of a vulnerable program). 

The pop-up blocker in Firefox has been improved as well, so as to prevent multiple pop-up windows from being opened by websites at the same time.

Additionally, Firefox 65 includes patches for 7 vulnerabilities, three of which have a Critical severity rating. Three other are considered High risk, while the last one has a Medium severity. 

The Critical flaws include a use-after-free while parsing an HTML5 stream in concert with custom HTML elements (CVE-2018-18500), memory safety bugs in Firefox 64 (CVE-2018-18502), and memory safety bugs in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501).

The High severity bugs include CVE-2018-18503 (memory corruption with Audio Buffer), CVE-2018-18504 (memory corruption and out-of-bounds read of texture client buffer), and CVE-2018-18505 (privilege escalation through IPC channel messages – the result of an earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079).

Mozilla also addressed CVE-2018-18506, a vulnerability where a Proxy Auto-Configuration file can define localhost access to be proxied when proxy auto-detection is enabled. This could “allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing,” Mozilla notes in an advisory. 

Related: Firefox 63 Blocks Tracking Cookies

Related: Firefox 69 to Disable Adobe Flash by Default