+- FLASH -- 1d ---------------------------------------------------------------------------------------------------[...]+ | | | ⚡️🚨 NEW - A newly disclosed vulnerability in Firefox (CVE-2026-6770) allowed websites to track users across different | | sites that lasted for the lifetime of the browser process. | | | | This vulnerability let any website quietly build a stable tracking identifier that lasted for the whole lifetime of | | your Firefox process. | | | | It didn’t steal data or abuse storage, it simply read the predictable order in which the IndexedDB API returned | | database metadata and that order never changed as long as the browser stayed open, so sites could link your activity | | across tabs, windows, and even after you cleared data or hit the Tor reset button. | | | | After the issue was reported Mozilla rolled out the fix in Firefox 150 and ESR 140.10 on April 21 (Tor Browser got | | the same update). | | | | The patch randomizes that metadata order so the trick no longer works. | | https://blossom.primal.net/e9f25d735ea37ef95b623ec0b06989bd9ca44814e1e86fb2a6491debd7a08353.jpg | | https://blossom.primal.net/4d2f4015860635e5392f36874edc435e26e69c7a4e5aa6e5a83f396fc9a8946f.png | | | +-- reply --------------------------------------------------------------------------------------------------------- ---+⚡️🚨 NEW - A newly disclosed vulnerability in Firefox (CVE-2026-6770) allowed websites to track users across different sites that lasted for the lifetime of the browser process. This vulnerability let any website quietly build a stable tracking identifier that lasted for the whole lifetime of your Firefox process. It didn’t steal data or abuse storage, it simply read the predictable order in which the IndexedDB API returned database metadata and that order never changed as long as the browser stayed open, so sites could link your activity across tabs, windows, and even after you cleared data or hit the Tor reset button. After the issue was reported Mozilla rolled out the fix in Firefox 150 and ESR 140.10 on April 21 (Tor Browser got the same update). The patch randomizes that metadata order so the trick no longer works. https://blossom.primal.net/e9f25d735ea37ef95b623ec0b06989bd9ca44814e1e86fb2a6491debd7a08353.jpg https://blossom.primal.net/4d2f4015860635e5392f36874edc435e26e69c7a4e5aa6e5a83f396fc9a8946f.png
thread · root 68f96b35…bb2e · depth 1 · · selected 68f96b35…bb2e
thread
root 68f96b35…bb2e · depth 1 · · selected 68f96b35…bb2e
⚡️🚨 NEW - A newly disclosed vulnerability in Firefox (CVE-2026-6770) allowed websites to track users acrossdifferent sites that lasted for the lifetime of the browser process.This vulnerability let any website quietly build a stable tracking identifier that lasted for the whole lifetimeof your Firefox process.It didn’t steal data or abuse storage, it simply read the predictable order in which the IndexedDB API returneddatabase metadata and that order never changed as long as the browser stayed open, so sites could link youractivity across tabs, windows, and even after you cleared data or hit the Tor reset button.After the issue was reported Mozilla rolled out the fix in Firefox 150 and ESR 140.10 on April 21 (Tor Browsergot the same update).The patch randomizes that metadata order so the trick no longer works.https://blossom.primal.net/e9f25d735ea37ef95b623ec0b06989bd9ca44814e1e86fb2a6491debd7a08353.jpghttps://blossom.primal.net/4d2f4015860635e5392f36874edc435e26e69c7a4e5aa6e5a83f396fc9a8946f.png
