Firefox 87 Adds Stronger User Privacy Protections

Mozilla today announced the release of Firefox 87 in the stable channel fitted with a new intelligent tracker blocking mechanism.

Called SmartBlock, the feature works in Firefox Private Browsing and Strict Mode and is meant to improve users’ browsing experience by fixing pages that Mozilla’s tracking protections break.

Firefox has had a built-in Content Blocking feature since 2015, providing increased protections to those who use Private Browsing windows and Strict Tracking Protection Mode. The feature was designed to block third-party scripts, images, and other content if loaded from known cross-site tracking companies.

Thus, Firefox Private Browsing windows could prevent these companies from tracking users across the web, but the privacy protections often resulted in the blocking of components essential for the proper functioning of some websites.

Some of the effects users have been experiencing include poor website performance, images that would not appear on the web page, certain features not working, and even pages that would fail to load entirely.

“To reduce this breakage, Firefox 87 is now introducing a new privacy feature we are calling SmartBlock. SmartBlock intelligently fixes up web pages that are broken by our tracking protections, without compromising user privacy,” Mozilla announced.

To improve user experience, SmartBlock provides local stand-ins for the third-party tracking scripts that are blocked. Designed to “behave just enough like the original ones,” these scripts ensure that websites load and that their functionality is intact.

With the SmartBlock stand-ins bundled with Firefox, no third-party tracking content is loaded, thus fully preventing potential tracking attempts. SmartBlock automatically replaces specific common scripts that are classified as trackers on the Disconnect Tracking Protection List.

The new browser release also brings along a stricter, more privacy-focused Referrer Policy, where the browser, by default, “will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.”

The HTTP Referrer headers that browsers send to websites with navigation or subresource requests (carrying, for example, the full URL of the referring document) may include information that can be used for analytics, logging, or cache optimization, but also private user data, including details on a user’s account on a website.

The Referrer Policy was meant to provide a mechanism for websites to protect their users’ privacy, but there are websites that haven’t set a referrer policy, which results in browsers defaulting to the ‘no-referrer-when-downgrade’ policy: they send full query information except when navigating to a less secure destination.

Firefox 87 sets the default Referrer Policy to ‘strict-origin-when-cross-origin’, meaning that sensitive user information that is accessible in the URL will always be trimmed, for all “navigational requests, redirected requests, and subresource (image, style, script) requests.” The new policy will be enforced automatically upon updating to Firefox 87.
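To make the difference between the two defaults concrete, the following added example (not code from Mozilla or from the original article) computes the referrer value sent under each policy for a same-origin, a cross-origin HTTPS, and a downgrade request. The URLs are constructed sample values, the function names are hypothetical, and "secure" is simplified to mean an `https:` scheme; the same-origin case, where the full URL is still sent, is included for completeness.

```javascript
// Added example: referrer value under the old and new default policies.
// Simplifying assumption: "secure" means https (the spec's notion of a
// potentially trustworthy URL is broader).
function isSecure(url) {
  return url.protocol === "https:";
}

// Browsers strip the fragment and any credentials before sending a referrer.
function fullReferrer(url) {
  const u = new URL(url.href);
  u.hash = "";
  u.username = "";
  u.password = "";
  return u.href;
}

// Returns the referrer string ("" means no referrer is sent).
function computeReferrer(policy, fromHref, toHref) {
  const from = new URL(fromHref);
  const to = new URL(toHref);
  const downgrade = isSecure(from) && !isSecure(to);
  const sameOrigin = from.origin === to.origin;

  switch (policy) {
    case "no-referrer-when-downgrade":
      return downgrade ? "" : fullReferrer(from);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return fullReferrer(from);
      return downgrade ? "" : from.origin + "/"; // path and query trimmed
    default:
      throw new Error("policy not covered by this example: " + policy);
  }
}

// Constructed sample: a page URL carrying account details in path and query.
const page = "https://shop.example/account/4711/orders?email=alice%40example.org#top";
const cases = [
  ["same-origin", "https://shop.example/static/app.js"],
  ["cross-origin https", "https://cdn.example/pixel.gif"],
  ["downgrade to http", "http://legacy.example/img.png"],
];
for (const [label, dest] of cases) {
  for (const policy of ["no-referrer-when-downgrade", "strict-origin-when-cross-origin"]) {
    console.log(`${label} | ${policy} -> "${computeReferrer(policy, page, dest)}"`);
  }
}
```

Sites that handle sensitive URLs can still set their own `Referrer-Policy` response header rather than relying on the browser default, since visitors on other browsers or older versions may get the weaker behaviour.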

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
