firefox 88: Mozilla Firefox 88 update adds a new privacy feature – Times of India


The latest update for the Mozilla Firefox web browser, Firefox 88, has added a new privacy feature that deals with a JavaScript variable called “window.name”. Usually, when you open a new tab in a browser, it can mark the new tab with a name or tag. This ‘named’ page can be used as a target to open more content, and as such, leaves a window for hackers to snoop on your system.
As per a report by nakedsecurity.sophos.com, the window.name property “doesn’t follow the so-called Same-Origin Policy (SOP), where only cookies and JavaScript variables set by website X can be read back in by website X. The SOP is a fundamental part of web security because it stops site Y, which might be an unscrupulous marketing page or a phishing site run by crooks, from getting at personal data stored by site X.”
Why the window.name property can be dangerous? The cookies and other site-specific JavaScript variables can store sensitive details like your username, your login information for banks, profile, your shopping cart contents and more. So, the window.name property could be exploited to bypass the SOP and malware attacks planted.
But with Firefox 88, the company claims that it has plugged that hole. “To close this leak, Firefox now confines the window.name property to the website that created it.” With the new update, now when a user opens a tab in Firefox, it restricts the window.name property to that tab only. If you enter some other address in that tab, the value stored under the window.name variable gets deleted and hence, no trace of web activity can hopefully leak.



Source link

Leave a Comment