Firefox 88: The Mozilla Firefox 88 update offers a new data protection feature

The latest update for the Mozilla Firefox Web browser, Firefox 88added a new privacy feature that deals with a JavaScript Variable named “window.name”. When you open a new tab in a browser, it can usually tag the new tab with a name or tag. This “named” page can be used as a target to open more content and, as such, leaves a window open for hackers to sniff around on your system.
According to a report from Nackter Sicherheit.sophos.com, the window.name property does not follow what is known as the Same-Origin Policy (SOP), whereby only cookies and JavaScript variables set by website X can be read back from website X. The SOP is an essential part of web security as it prevents Site Y, which may be an unscrupulous marketing site or crook-run phishing site, from accessing personally identifiable information stored on Site X. ”
Why can the window.name property be dangerous? The cookies and other location-specific JavaScript variables can store sensitive details such as your username, your bank credentials, your profile, the contents of your shopping cart and more. Hence the property window.name could be exploited to bypass the planted SOP and malware attacks.
But with Firefox 88, the company claims it plugged that hole. “To fix this leak, Firefox is now limiting the window.name property to the website that created it.” When a user opens a tab in Firefox with the new update, the window.name property is limited to that tab only. If you enter a different address on this tab, the value stored in the window.name variable will be erased and so hopefully no trace of web activity can be lost.

.

Leave a Reply