Mozilla released Firefox 87.0 this morning, the latest version of its open source web browser. Following on from December’s Firefox 85 and February’s Firefox 86, the key features of the new version – Smart Block and improved referrer cropping – are privacy-related.
Firefox has been blocking third-party tracking scripts by default for some time now. For the most part, this works pretty seamlessly, but in some cases missing tracking scripts can disrupt the rendering of a page, either slow it down (as seen in the animated image above, on the left) or break it permanently.
Smart Block takes an extra step to improve rendering on pages that embed third-party trackers – instead of just pulling the script and leaving a “gap” where it was, Smart Block replaces it with what Mozilla describes as “stand -in” script. These stand-in scripts work just enough like the original trackers to restore the intended pageview order and results without actually leaking data to third parties.
Mozilla pulls a lot of its data on what is or isn’t a “common tracking script” that needs a Smart Block stand-in from the Disconnect tracking protection list.
Crop Referrer Enhanced
When you embed an image from another website in your own website, information about your site’s viewers leaks to the administrators of the other website. To illustrate this, we imagine that the operators of
greatsearch.tlda fictitious search engine, contains an image of a sheep from
sheep-pictures.tld on every results page.
The HTML code for the embedded image is simple:
When users of
greatsearch.tld use that site, their browsers see that tag and download automatically
https://sheep-pictures.tld/sheep1.jpg while rendering the page.
Traditionally, the full URL of the referring page is included in that web request… meaning information is leaked to the operators of
sheep-pictures.tldwho would see something like this in their logs:
240.163.255.110 - - [15/Mar/2021:10:28:57 -0400] "GET /sheep1.jpg HTTP/1.1" 200 11676 "http://greatsearch.tld/res ults?really-embarrassing-medical-condition"
Now that we understand the referrer field itself, it’s pretty clear what “trimming referrer” means – and why Mozilla is getting more aggressive about it. If the user above was using Firefox 87 when performing the same search, the operators of
sheep-pictures.tld would instead see the following log entry:
240.163.255.110 - - [15/Mar/2021:10:28:57 -0400] "GET /sheep1.jpg HTTP/1.1" 200 11676 "http://greatsearch.tld/"
Additional solutions and features
Firefox 87.0 also includes improvements to the Find In Page Highlight All feature, full support for the built-in VoiceOver screen reader in macOS, and several minor user interface improvements, security fixes, and general tweaks. For the full list, see Mozilla’s own release notes for Firefox 87.0.