We found a stable Firefox identifier linking all your private Tor identities
4 hours ago
- #privacy
- #browser-security
- #indexeddb
- A privacy vulnerability was found in all Firefox-based browsers, allowing websites to create a unique, stable identifier from IndexedDB entry order, bypassing cross-origin isolation.
- This issue enables cross-site tracking even in private modes, with the identifier persisting across sessions in Firefox Private Browsing and Tor Browser's 'New Identity' feature, undermining privacy guarantees.
- Mozilla fixed the vulnerability in Firefox 150 and ESR 140.10.0, and the patch addresses it by sorting results to remove entropy from internal storage ordering.