Firefox 86 gets a privacy boost with Total Cookie Protection

Mozilla Firefox 86 was released today with Total Cookie Protection, a new privacy feature that prevents web trackers from keeping tabs on your activity while browsing the web.

Windows, Mac, and Linux desktop users can upgrade to Firefox 86 from Options -> Help -> About Firefox. Firefox will automatically check for the new update and will install it if available.

With the release of Firefox 86, all other Firefox development branches have also moved up a version bringing Firefox Beta to version 87, and the Nightly builds to version 88.

You can also  get a Firefox 86 installer from the following download links:

• Firefox 86 for Windows 64-bit
• Firefox 86 for Windows 32-bit
• Firefox 86 for macOS
• Firefox 86 for Linux 64-bit
• Firefox 86 for Linux 32-bit
• Firefox 86 for Android

If the links above haven't yet been updated to download the latest Firefox version, you can download the browser installer from Mozilla's official release directory.

Below you can find the significant changes and improvements in Firefox 86. If you want to read the full release notes for this version, you can do so here.

Blocks cookies designed to track you across the web

"Today, Firefox introduces Total Cookie Protection to Strict Mode. In Total Cookie Protection, every website gets its own 'cookie jar,' preventing cookies from being used to track you from site to site," the released notes read.

"In addition, Total Cookie Protection makes a limited exception for cross-site cookies when they are needed for non-tracking purposes, such as those used by popular third-party login providers," Mozilla added.

Mozilla has been fighting ad tech companies' online tracking efforts since 2019 when it enabled enhanced tracking protection in Firefox by default to block cookies from known trackers automatically.

Beginning with the launch of Firefox 72 in January 2020, Mozilla's web browser also auto-blocks scripts used by fingerprinting companies for browser fingerprinting through cross-site tracking.

Starting with Firefox 85, the browser also comes with supercookie protection to block hidden trackers from keeping tabs on users' web browsing activity.

This works by isolating caches and network connections for each visited website to make supercookies (a cookie type that can't be cleared even when clearing browser cookies) useless for tracking users across sites.

"In combination with the Supercookie Protections we announced last month, Total Cookie Protection provides comprehensive partitioning of cookies and other site data between websites in Firefox," Mozilla explained.

"Together these features prevent websites from being able to 'tag' your browser,  thereby eliminating the most pervasive cross-site tracking technique."

Other Firefox 86 new features and changes

This Firefox release also comes with added support for watching multiple videos in Picture-in-Picture and a cleaner printer settings design with integration improvements.

Firefox 86 also comes with noteworthy stability and performance improvements by moving WebGL and canvas drawing to the GPU process.

Mozilla has also added a handful of fixes, including:

• Reader mode now works with local HTML pages.

• Using screen reader quick navigation to move to editable text controls no longer incorrectly reaches non-editable cells in some grids such as on messenger.com.

• The Orca screen reader's mouse review feature now works correctly after switching tabs in Firefox.

• Screen readers no longer report column headers incorrectly in tables containing cells spanning multiple columns.

• Links in Reader View now have more color contrast.

Also fixes high severity security vulnerabilities

Firefox 86 also addresses multiple security bugs with ratings ranging from low to high severity.

For instance, the CVE-2021-23978 and CVE-2021-23979 vulnerabilities caused by memory safety bugs allow attackers to execute arbitrary code remotely on systems running unpatched Firefox versions.

"Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code," Mozilla said.

The full list of vulnerabilities fixed in Firefox 86 includes:

  • CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
  • CVE-2021-23970: Multi-threaded WASM triggered assertions validating separation of script domains
  • CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
  • CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass
  • CVE-2021-23971: A website's Referrer-Policy could have been be overridden , potentially resulting in the full URL being sent as a Referrer
  • CVE-2021-23976: Local spoofing of web manifests for arbitrary pages in Firefox for Android
  • CVE-2021-23977: Malicious application could read sensitive data from Firefox for Android's application directories
  • CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached
  • CVE-2021-23975: about:memory’s Measure function caused an incorrect pointer operation
  • CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
  • CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
  • CVE-2021-23979: Memory safety bugs fixed in Firefox 86