Mozilla this week upgraded Firefox to version 85, adding to its overarching emphasis on privacy by isolating supercookies that some sites rely on to track users’ movements on the web.
Engineers also patched 13 vulnerabilities, five of which were marked “High,” Firefox’s second-most-serious label.
Firefox 85 can be downloaded for Windows, macOS, and Linux from Mozilla’s site. Because Firefox updates in the background, most users can simply relaunch the browser to get the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose “About Firefox.” (On macOS, “About Firefox” can be found under the “Firefox” menu.) The resulting page shows that the browser is either up to date or displays the refresh process.
Mozilla upgrades Firefox every four weeks; the last refresh was on Dec. 15.
Stomping on supercookies
Other than the fixes for the baker’s dozen of security flaws, the most notable change in Firefox 85 is a behind-the-scenes expansion of Mozilla’s bet on privacy.
“In Firefox 85, we’re introducing a fundamental change in the browser’s network architecture to make all of our users safer: we now partition network connections and caches by the website being visited,” said Steven Englehardt and Arthur Edelstein, senior privacy engineer and senior product manager, privacy and security, in a Jan. 26 post to a Mozilla blog. “Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking.”
Mozilla aims to stamp out the dodgy practice of storing user identifiers in “increasingly obscure parts of the browser,” as Englehardt and Edelstein put it, including caches and various types of connections and sessions. Tracking entities have gone to great lengths to hide their trackers as browser makers — Mozilla among them — have blocked more obvious avenues, such as traditional cookies, as they appeal to users’ increasing concerns.
Firefox’s approach, which typically goes by the term Network Partitioning, isolates multiple kinds of caches used by the browser to boost perceived performance by, for instance, drawing on an already-viewed image from a local cache — in memory or perhaps on disk — rather than call it again from its Internet-based source. The goal of caching: save time by eliminating downloads and reserve bandwidth for first-time content retrieval.
Rather than share such content among multiple sites, Firefox will instead quarantine that content to the pertinent site. “This partitioning applies to all third-party resources embedded on a website, regardless of whether Firefox considers that resource to have loaded from a tracking domain,” added Englehardt and Edelstein. “Systematic network partitioning makes it harder for trackers to circumvent Firefox’s anti-tracking features.”
Because the time- and bandwidth-saving techniques of sharing cached content have been discarded, network partitioning has an impact on page load times. Englehardt and Edelstein acknowledged a slight increase of up to 1.3%.
Apple’s Safari has had a form of network partitioning in place since 2013, and Google’s Chrome will soon have its own implementation. Chrome 89, slated to ship March 2, will include this anti-tracking technology, although it will be hidden behind a setting in the chrome://flags page.
Few odds, few ends
Along with the new defense against supercookies, Mozilla slipped some other improvements into Firefox 85.
The browser now remembers the location the user last selected for saved bookmarks; also, the bookmarks toolbar can be set to appear only on new page tabs, an option for tidying up the UI.
Firefox 85 also removed all support for Flash Player. “There is no setting to re-enable Flash support,” Mozilla bluntly said.
The next version of Mozilla’s browser, Firefox 86, will be released Feb. 23.