"The vulnerability, tracked as CVE-2026-6770, is related to the IndexedDB browser API, which is used for storing structured data on the client side."
"This enables unrelated sites to independently observe the same ordering and use it to link a user's activity across domains without any cookies or shared storage."
"In Tor Browser, the stable identifier effectively defeats Tor Browser's 'New Identity' isolation within a running browser process, allowing websites to link sessions that are expected to be fully isolated from one another."
"Mozilla patched CVE-2026-6770 with the release of Firefox 150. The organization assigned the flaw a 'medium severity' rating."
A vulnerability, CVE-2026-6770, enables fingerprinting of Firefox users, even in Private Browsing mode, and affects the Tor browser. This issue arises from the IndexedDB API, which stores structured data. Firefox's method of storing IndexedDB database names allows unrelated sites to observe the same order of databases, linking user activity across domains without cookies. This fingerprint persists across sessions until the browser restarts. Mozilla has patched this vulnerability in Firefox 150, and the Tor Project has also implemented the fix in Tor Browser 15.0.10.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]