The Mozilla Foundation has released Firefox 86 that includes a new feature for ‘Total Cookie Protection,’ along with security fixes for five High risk vulnerabilities.
An attacker could exploit these vulnerabilities to take control of impacted systems.
The latest Firefox 86 includes a number of bug fixes, security patches and new feature called Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode.
“Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site,” Mozilla wrote in the blog post.
Moreover, Total Cookie Protection maintains a separate “cookie jar” for each website users visit. In other words, deposited cookies are confined only to the cookie jar assigned to that visited website and cannot be shared with other websites.
In addition, Firefox 86 patched the following five High severity vulnerabilities as part of Mozilla Foundation Security Advisory 2021-07:
- CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect.
- CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains.
- CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect.
- CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
- CVE-2021-23979: Memory safety bugs fixed in Firefox 86,
Mozilla warned that each of the memory safety vulnerabilities (CVE-2021-23978 and CVE-2021-23979) could lead to memory corruption and be exploited to run arbitrary code. To add, Mozilla also patched four Medium and three Low risk vulnerabilities.
Finally, Mozilla also addressed vulnerabilities in Firefox ESR 78.8 and Thunderbird 78.8.