Mozilla Enhances Tracking Protection in Firefox 63

Mozilla introduces more powerful options for Firefox to block trackers from tracking users across the web.

Firefox 63

All over the web there are sites, services and advertisers that are actively tracking users. It's a situation that Mozilla wants to improve for users with better control and visibility over tracking.

On Oct. 24, Mozilla announced the release of its open-source Firefox 63 web browser, providing users with an Enhanced Tracking Protection feature. Firefox 63 also provides a refreshed look for the integrated developer tools inside of the browser, as well as fixes 14 vulnerabilities. The Firefox 63 release follows Firefox 62 that came out on Sept. 5 with improved performance and security updates.

"With today’s Firefox release, users will have the option to block cookies and storage access from third-party trackers," Nick Nguyen, vice president of Firefox at Mozilla, wrote in a blog. "This is designed to effectively block the most common form of cross-site tracking."

Mozilla has been talking about different types of anti-tracking capabilities for seven years. In 2011, Firefox 4 implemented Do Not Track, a feature that enables users to notify sites if they do not want to be tracked. That method relied on sites honoring user requests and had limited success. With Firefox 42, which was released in November 2015, Mozilla first added its Tracking Protection feature, restricting the ability of third-party technologies from tracking a user.

With the Enhanced Tracking Protection in Firefox 63, Mozilla is now providing users with more granular control to help prevent cross-site tracking. Users can now choose to block cookies that come from trackers. Mozilla defines trackers based on a Tracking Protection list from Disconnect.

"The storage access policy blocks resources identified as trackers from accessing their cookies and other site storage when they are loaded in a third-party context," Mozilla's developer documentation on Enhanced Tracking Protection states. "This prevents those resources from retrieving tracking identifiers stored in cookies or site storage and using them to identify users across visits to multiple first parties."

Developer Tools

Mozilla is also enhancing its developer tools in Firefox 63, with a new visual style for menus to help make it easier to use the included tools.

One of the developer tools being updated in Firefox 63 is the Fonts panel, which shows developers what local and web fonts are being used on a given web page.

"in Firefox 63 the Fonts panel gains new powers! You can adjust the parameters of the font on the currently selected element, and if the current font supports Font Variations, you can view and fine-tune those parameters as well," Matt "Potch" Claypotch, a developer and web platform advocate at Mozilla, wrote in a blog. "The syntax for adjusting variable fonts can be a little unfamiliar and it’s not otherwise possible to discover all the variations built into a font, so this tool can be a life saver."

Vulnerability Fixes

As part of the Firefox 63 update, Mozilla is patching 14 vulnerabilities, including two that have critical severity and three rated as high severity. The two critical severity issues (CVE-2018-12388 and CVE-2018-12390) are memory safety flaws that could potentially lead to arbitrary code execution.

Among the non-critical flaws of interest is CVE-2018-12397, which Mozilla rated as having moderate impact, but could potentially lead to unintended information disclosure.

"A WebExtension can request access to local files without the warning prompt stating that the extension will ‘Access your data for all websites’ being displayed to the user," Mozilla warns in an advisory. "This allows extensions to run content scripts in local pages without permission warnings when a local file is opened."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.