Firefox 91 Brings New Privacy, Security Improvements

Mozilla on Tuesday released Firefox 91, a version of the web browser that brings enhanced cookie clearing, HTTPS by default in private browsing mode, and patches for several high-severity vulnerabilities.

Once the user updates Firefox to version 91, the browser will automatically use an HTTPS connection when the Private Browsing feature is used. If the website does not support HTTPS, Firefox will establish a connection using the HTTP protocol.

“Note that this new HTTPS by Default policy in Firefox Private Browsing Windows is not directly applied to the loading of in-page components like images, styles, or scripts in the website you are visiting; it only ensures that the page itself is loaded securely if possible. However, loading a page over HTTPS will, in the majority of cases, also cause those in-page components to load over HTTPS,” Mozilla noted in a blog post.

Mozilla plans on expanding HTTPS by default to other parts of the browser as well in the coming months.

The organization also announced on Tuesday that Firefox 91 brings a significant privacy enhancement related to how cookies are handled, enabling users to easily delete all cookies and supercookies stored locally by websites and trackers.

“When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website’s ‘cookie jar’,” Mozilla explained. “This ‘Enhanced Cookie Clearing’ makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around.”

The Enhanced Cookie Clearing feature will be used automatically when users clear data for specific websites, if they have Strict Tracking Protection enabled. The new feature leverages the Total Cookie Protection mechanism unveiled earlier this year.

Mozilla has published a blog post explaining why clearing these types of cookies can be challenging, and how it solves those challenges.

The organization also published a security advisory to inform users about the vulnerabilities that have been patched with the release of Firefox 91.

All of the vulnerabilities fixed in the latest version of the browser are related to memory corruption and their exploitation can lead to a crash and possibly arbitrary code execution. All except one of the flaws have been assigned a severity rating of “high.”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised users and administrators to review the advisory and update the browser. 

Related: Firefox 88 Combats Cross-Site Tracking to Improve User Privacy

Related: Mozilla Launches Privacy-Focused Browsing Data Sharing Platform

Related: Firefox 87 Adds Stronger User Privacy Protections