Connect with us

Hi, what are you looking for?


Data Protection

Firefox 87 Adds Stronger User Privacy Protections

Mozilla today announced the release of Firefox 87 in the stable channel fitted with a new intelligent tracker blocking mechanism.

Mozilla today announced the release of Firefox 87 in the stable channel fitted with a new intelligent tracker blocking mechanism.

Called SmartBlock, the feature works in Firefox Private Browsing and Strict Mode and is meant to improve users’ browsing experience through fixing pages that Mozilla’s tracking protections break.

Firefox has had a built-in Content Blocking feature since 2015, providing increased protections to those who use Private Browsing windows and Strict Tracking Protection Mode. The feature was designed to block third-party scripts, images, and other content if loaded from known cross-site tracking companies.

Thus, Firefox Private Browsing windows could prevent these companies from tracking users across the web, but the privacy protections often resulted in the blocking of components essential for the proper functioning of some websites.

Some of the effects users have been experiencing include poor website performance, images that would not appear on the web page, certain features not working, and even pages that would fail to load entirely.

“To reduce this breakage, Firefox 87 is now introducing a new privacy feature we are calling SmartBlock. SmartBlock intelligently fixes up web pages that are broken by our tracking protections, without compromising user privacy,” Mozilla announced.

To improve user experience, SmartBlock provides local stand-ins for the third-party tracking scripts that are blocked. Designed to “behave just enough like the original ones,” these scripts ensure that websites load and that their functionality is intact.

Advertisement. Scroll to continue reading.

With the SmartBlock stand-ins bundled with Firefox, no third-party tracking content is loaded, thus fully preventing potential tracking attempts. SmartBlock automatically replaces specific common scripts that are classified as trackers on the Disconnect Tracking Protection List.

The new browser release also brings along a stricter, more privacy-focused Referrer Policy, where the browser, by default, “will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data.”

HTTP Referrer headers that browsers send to websites (such as the full URL of the referring document) with navigation or subresource requests may include information that could be used for analytics, logging, or cache optimization, caching, but also private user data, including details on a user’s account on a website.

The Referrer Policy was meant to provide a mechanism for websites to protect their users’ privacy, but there are websites that haven’t set a referrer policy, which results in browsers defaulting to ‘no-referrer-when-downgrade’ policy: they send full query information except for when navigating to a less secure destination.

Firefox 87 sets the default Referrer Policy to ‘strict-origin-when-cross-origin’, meaning that user sensitive information that is accessible in the URL will always be trimmed, for all “navigational requests, redirected requests, and subresource (image, style, script) requests.” The new policy will be enforced automatically upon updating to Firefox 87.

Related: Firefox Cracks Down on Supercookies to Improve User Privacy

Related: Firefox Improves Privacy Protections With Encrypted Client Hello

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.