Firefox 91 Brings New Privacy, Security Improvements

Mozilla on Tuesday released Firefox 91, a version of the web browser that brings enhanced cookie clearing, HTTPS by default in private browsing mode, and patches for several high-severity vulnerabilities.

Once the user updates Firefox to version 91, the browser will automatically use an HTTPS connection when the Private Browsing feature is used. If the website does not support HTTPS, Firefox will establish a connection using the HTTP protocol.

“Note that this new HTTPS by Default policy in Firefox Private Browsing Windows is not directly applied to the loading of in-page components like images, styles, or scripts in the website you are visiting; it only ensures that the page itself is loaded securely if possible. However, loading a page over HTTPS will, in the majority of cases, also cause those in-page components to load over HTTPS,” Mozilla noted in a blog post.

Mozilla plans on expanding HTTPS by default to other parts of the browser as well in the coming months.

The organization also announced on Tuesday that Firefox 91 brings a significant privacy enhancement related to how cookies are handled, enabling users to easily delete all cookies and supercookies stored locally by websites and trackers.

“When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website’s ‘cookie jar’,” Mozilla explained. “This ‘Enhanced Cookie Clearing’ makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around.”

The Enhanced Cookie Clearing feature will be used automatically when users clear data for specific websites, if they have Strict Tracking Protection enabled. The new feature leverages the Total Cookie Protection mechanism unveiled earlier this year.
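
The difference between clearing by host and clearing a site's whole "cookie jar" can be seen in a small model. This is an added JavaScript example, not code from Mozilla or from the original article; the store layout, the `*.example` site names and the function names are assumptions for illustration, and host-based clearing appears only as the contrasting approach.

```javascript
// Simplified model (constructed, not Firefox source code).
// With per-site cookie jars, every stored cookie is recorded under the
// top-level site the user was visiting (jar) plus the host that set it.
function sampleStore() {
  return [
    { jar: "shop.example", host: "shop.example", name: "session" },
    // Third-party tracker embedded on shop.example:
    { jar: "shop.example", host: "tracker.example", name: "uid" },
    { jar: "news.example", host: "news.example", name: "prefs" },
    // Same tracker embedded on news.example, kept in a separate jar:
    { jar: "news.example", host: "tracker.example", name: "uid" },
  ];
}

// Contrasting approach: forget a site by deleting only cookies whose
// own host matches it. Third-party cookies set during the visit survive.
function clearByHost(store, site) {
  return store.filter((c) => c.host !== site);
}

// Jar-based clearing: delete everything stored under the site's jar,
// regardless of which host set it.
function clearByJar(store, site) {
  return store.filter((c) => c.jar !== site);
}

// What is still stored from visits to `site` after a clearing pass?
function leftoverFromVisits(store, site) {
  return store
    .filter((c) => c.jar === site)
    .map((c) => `${c.host}:${c.name}`);
}

const site = "shop.example";
console.log("after host-based clearing:",
  leftoverFromVisits(clearByHost(sampleStore(), site), site));
console.log("after jar-based clearing: ",
  leftoverFromVisits(clearByJar(sampleStore(), site), site));
console.log("other jars untouched:     ",
  clearByJar(sampleStore(), site).length, "cookies remain");
```

In this model the tracker's cookie from the `shop.example` visit survives host-based clearing, while jar-based clearing removes it and leaves the `news.example` jar intact.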

Mozilla has published a blog post explaining why clearing these types of cookies can be challenging, and how it solves those challenges.

The organization also published a security advisory to inform users about the vulnerabilities that have been patched with the release of Firefox 91.

All of the vulnerabilities fixed in the latest version of the browser are related to memory corruption and their exploitation can lead to a crash and possibly arbitrary code execution. All except one of the flaws have been assigned a severity rating of “high.”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised users and administrators to review the advisory and update the browser. 

Related: Firefox 88 Combats Cross-Site Tracking to Improve User Privacy

Related: Mozilla Launches Privacy-Focused Browsing Data Sharing Platform

Related: Firefox 87 Adds Stronger User Privacy Protections

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
