Mozilla Firefox adopts new privacy-enhancing Referrer Policy

Mozilla has announced that it will introduce a more privacy-focused default Referrer Policy to protect Firefox users' privacy, starting with the web browser's next version.

The new protection against accidental leaks of sensitive user data will be introduced in Firefox 87.

Once updated, the web browser will automatically trim user-sensitive information, such as the path and query string, from the Referrer URL.

This URL is sent in the HTTP Referrer header during subresource requests and when users navigate between sites by clicking on links.

"Unfortunately, the HTTP Referrer header often contains private user data: it can reveal which articles a user is reading on the referring website, or even include information on a user's account on a website," Mozilla's Dimi Lee and Christoph Kerschbaumer said earlier today.

As BleepingComputer has observed while sieving through internal web server logs, referrer URLs can expose an extensive array of other sensitive info, including but not limited to internal hostnames for government and enterprise entities that most likely should not be public.

Malicious actors could then pull sensitive info like internal names from their web servers' access logs or their analytics software if they can trick a target into visiting a site hosted on servers under their control.

Firefox 87 new default Referrer Policy (Mozilla)

"As illustrated in the example above, this new stricter referrer policy will not only trim information for requests going from HTTPS to HTTP, but will also trim path and query information for all cross-origin requests," they added.

"With that update, Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience."

To benefit from this added privacy protection, Firefox users will only have to update their browsers to version 87, which will come with the new 'strict-origin-when-cross-origin' default Referrer Policy that crops user-sensitive info from referrer URLs.

By applying the new Referrer Policy to all navigational, redirected, and subresource (image, style, script) requests, Firefox will provide a more private browsing experience to all users after its release on Tuesday.
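To make the trimming concrete, the sketch below models what a browser sends under 'strict-origin-when-cross-origin' next to the looser 'no-referrer-when-downgrade' policy. It is an added example, not Mozilla's code or anything from the article; the function names and URLs are constructed, the comparison policy is not named in the article, and the downgrade check is simplified to HTTPS versus non-HTTPS.

```javascript
'use strict';
// Added illustration (not Firefox source). All URLs are constructed samples.

// Browsers never send credentials or the #fragment in a referrer.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = '';
  u.password = '';
  u.hash = '';
  return originOnly ? u.origin + '/' : u.href;
}

// Simplified downgrade test: HTTPS page requesting a non-HTTPS resource.
function isDowngrade(from, to) {
  return from.protocol === 'https:' && to.protocol !== 'https:';
}

// Returns the referrer string that would be sent, or null if none is sent.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  if (isDowngrade(from, to)) return null; // both modelled policies send nothing
  switch (policy) {
    case 'no-referrer-when-downgrade':
      return stripForReferrer(fromUrl, false); // full URL, even cross-origin
    case 'strict-origin-when-cross-origin':
      // Full URL only to the same origin; origin alone to everyone else.
      return stripForReferrer(fromUrl, from.origin !== to.origin);
    default:
      throw new Error('policy not modelled: ' + policy);
  }
}

// Constructed sample: an internal page embedding a third-party image.
const PAGE = 'https://wiki.corp.example/hr/review?employee=1234#comments';
const TARGETS = [
  'https://cdn.tracker.example/pixel.gif', // cross-origin, HTTPS
  'https://wiki.corp.example/static/app.js', // same-origin
  'http://legacy.partner.example/logo.png', // HTTPS -> HTTP downgrade
];

for (const target of TARGETS) {
  for (const p of ['no-referrer-when-downgrade', 'strict-origin-when-cross-origin']) {
    console.log(p.padEnd(32), target, '->', computeReferrer(p, PAGE, target));
  }
}
```

Even after trimming, the cross-origin request still carries the origin, so the hostname of the referring site remains visible to the receiving server. A site that must hide it can send its own `Referrer-Policy: no-referrer` response header.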

Firefox 86, the previous stable version, also came with a significant privacy boost with the addition of Total Cookie Protection. This privacy feature prevents web trackers from keeping tabs on your web activity by keeping each site's cookies in a separate "cookie jar" container.

Starting with version 85, Firefox added supercookie protection to block hidden trackers from tracking users across sites by isolating caches and network connections for each visited site.
