Researchers discovered a privacy vulnerability in Firefox's IndexedDB implementation that allows websites to derive a stable, process-lifetime identifier to link activity across origins. The issue persists in Tor Browser even through the "New Identity" feature, defeating its unlinkability guarantees. Mozilla patched the issue in Firefox 150 and ESR 140.10.0 (tracked as Mozilla Bug 2024220).
Safety
We Found a Stable Firefox Identifier Linking All Your Private Tor Identities
Firefox's IndexedDB implementation leaks a stable identifier that persists across Tor Browser's "New Identity" resets, allowing sites to link private browsing sessions until the fix in Firefox 150.
Wednesday, April 22, 2026 12:00 PM UTC2 MIN READSOURCE: LobstersBY sys://pipeline
Tags
safety