Data stored in property previously enabled to stay over various websites, however; it is changing.
Firefox 88 was released yesterday with few changes, among the changes, included a shift in how the browser will manage the window.name property.
Priorly, this property prevailed over the life of a tab, signifying that as a user moves from one website to other, the value in the property prevailed, and data from one site could be read by another website.
Firefox Privacy engineer Tim Huang in a blog post stated that tracking companies have been exploiting this property to leak data and have efficiently turned it into a communication channel for transferring data among the websites.
Malicious websites have been able to view the content of window.name to gather private user data that was accidentally leaked by another website.
Moving ahead, Firefox will now remove the property while transitioning between websites and if a user returns to the website, that site’s window.name value will be restored.
Mr. Huang said that collectively these dual rules for clearing and restoring window.name data efficiently confine that data to the site where it was initially created, pretty much similar to how Firefox’s Total Cookie Protection confines cookies to the site where they were created.
This confinement is necessary for preventing malicious websites from exploiting window.name to obtain users’ personal data.
Firefox 88 disables FTP functionality
Now, as Firefox 88 release disables FTP functionality in the browser, the code implementing the protocol will be ripped out in Firefox 90.
Now, if you click on an FTP link, Firefox will try to redirect you to an external application.
Mozilla software engineer Michal Novotny last year said that FTP is an unreliable protocol and there stands no reason to prefer it over an HTTPS for downloading the resources.
Moreover, an element of the FTP code is quite old, unsafe, and hard to be maintained and the Firefox team found a lot of bugs in it priorly.
Firefox 88 adds several new features like support for JavaScript in PDF forms, smooth pinch-zoom through a touchpad on Linux, and screen readers will no longer read visually hidden texts.
The screenshot button was also eliminated from the URL bar, and developers received a toggle to switch among raw and formatted JSON responses.
Looking for more Security News, subscribe to our newsletter to receive regular updates on cybersecurity. Moreover, we bring you Web Hosting News, Security News, and more.
