Apr 20 2021

Firefox 88 patches bugs and kills off a sneaky JavaScript tracking trick

Category: Web SecurityDISC @ 1:08 pm

Over the past two months or so, Mozillaā€™s Firefox browser has had a lot less media attention than Googleā€™s Chrome and Chromium projectsā€¦

ā€¦but Mozilla probably isnā€™t complaining this time, given that the last threeĀ mainstream releasesĀ of Chrome have included security patches forĀ zero-day security holes.

A zero-day is where the crooks find an exploitable security hole before the good guys do, and start abusing that bug to do bad stuff before a patch exists.

The name reflects the annoying fact that there were zero days that you could possibly have been ahead of the crooks, even if you are the sort of accept-no-delays user who always patches on the very same day that software updates first come out.

To be fair to the Chromium team, the most recent zero-day hole, patched in version 90 of the Chrome and Chromium projects, is best described as half-a-hole. You have to go out of your way to run the browser with its protective sandbox turned off, something that you will probably not do by choice, and are unlikely to do by mistake.

Tags: Firefox, JavaScript tracking