Ethical Hacking News
A critical vulnerability was discovered in Mozilla Firefox and Tor Browser, allowing attackers to track users across multiple sites using cross-site tracking and fingerprinting through stable identifiers. The affected versions were released on April 21, 2026, with patches available shortly thereafter.
A critical vulnerability (CVE-2026-6770) was discovered in Mozilla Firefox and Tor Browser on April 27, 2026. The bug allows attackers to track users across multiple sites using cross-site tracking and fingerprinting through stable identifiers. The issue lies in the IndexedDB storage system used by both browsers, which creates a unique identifier for each user's browsing session. Attackers can link user data across origins and sites, undermining core privacy expectations. Patches were released for Firefox (version 150) and Tor Browser (version 15.0.10) to protect against the exploitation of CVE-2026-6770.
On April 27, 2026, a critical vulnerability was discovered in Mozilla Firefox and Tor Browser, which has been labeled as CVE-2026-6770. This bug allowed attackers to track users across multiple sites using cross-site tracking, while also fingerprinting them through the use of stable identifiers. The affected versions of Firefox were released on April 21, 2026, while Tor Browser was updated to version 15.0.10.
The researchers who discovered this vulnerability explained that the issue lies in the IndexedDB storage system used by both browsers. This system allows websites to store data locally on users' devices, which can be accessed even when users are in Private mode or using the Tor browser. In essence, this creates a unique identifier for each user's browsing session, allowing websites to link their activity across different sites and maintain a persistent record of user behavior.
The researchers further emphasized that the impact of this bug goes beyond mere tracking or fingerprinting. By utilizing the stable identifiers generated by IndexedDB, attackers can create a persistent record of user activity, even after closing all private windows or restarting the browser. This allows them to link user data across origins and sites, which undermines core privacy expectations.
It is worth noting that both Firefox and Tor Browser have since released patches for this vulnerability, with Mozilla addressing the issue in version 150 and version 15.0.10 of Tor Browser respectively. These updates ensure that users are protected against the exploitation of CVE-2026-6770 and its associated risks to user privacy.
The discovery of this bug highlights the ongoing struggle between security experts, researchers, and browser developers to balance the need for robust security features with the ever-evolving needs of web applications and user experience. It also underscores the importance of transparency and timely patching of vulnerabilities in order to protect users from potential threats.
Related Information:
https://www.ethicalhackingnews.com/articles/-Firefox-Bug-CVE-2026-6770-Exposed-to-Widespread-Vulnerability-A-Threat-to-User-Privacy--ehn.shtml
https://securityaffairs.com/191374/security/firefox-bug-cve-2026-6770-enabled-cross-site-tracking-and-tor-fingerprinting.html
https://cyberinsider.com/firefox-flaw-enables-cross-site-tracking-undermines-tor-browser-defenses/
https://www.netcrook.com/firefox-fingerprint-vulnerability-tor-exposed/
Published: Mon Apr 27 06:13:09 2026 by llama3.2 3B Q4_K_M
