What's in the latest Firefox update? Firefox 70 stops social media trackers
Mozilla on Tuesday upgraded Firefox to version 70, enhancing its anti-tracking technology with new blockers that automatically stymie social media trackers and compiling reports so users can see what spying the browser has stopped.
Security engineers at Mozilla also included patches for 13 vulnerabilities, one marked "Critical" and three marked "High," the organization's two top threat ratings. The critical flaw was described as "memory safety bugs," a label that's present in virtually every Firefox upgrade's patch list. "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code," Mozilla wrote in the accompanying security advisory.
Firefox 70 can be downloaded for Windows, macOS and Linux from Mozilla's site. Because Firefox updates in the background, most users need only relaunch the browser to get the latest version. To manually update, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." The resulting page shows that the browser is either up to date or describes the refresh process.
Mozilla updates Firefox every six to eight weeks; it last upgraded the browser on Sept. 3.
Stops trackers from Twitter, Facebook, LinkedIn
Mozilla amped up its assault on trackers, the bits and pieces in websites and on pages that collectively allow advertisers - primarily but not exclusively them - to watch where users go on the web in an effort to piece together profiles, which in turn are used to deliver advertisements that, theoretically at least, should be more appealing and likely to trigger a purchase.
On the heels of Firefox 69, which switched on Enhanced Tracking Protection (ETP) for all users, Mozilla this version added trackers from several social media giants - Facebook, Twitter and the jobs-related LinkedIn (owned by Microsoft) - to the browser's block list.
"Social networks place trackers on other websites to follow what you do, see, and watch online," Mozilla wrote. "This allows social media companies to collect data about your browsing history and improve their ad targeting."
Users can set social media blockers at two strength levels - Standard (the default) and Strict - just as they can blockers for other classes of trackers.
Privacy report card
Firefox 70 also introduced a basic privacy report that describes the number of times the browser blocked a tracker - broken down by cross-site, social media, fingerprinter and cryptominer categories - over the past week with totals segregated by day.
The report also displays the number of email addresses monitored for inclusion in publicly-known data breaches, the number of those breaches and how many passwords were leaked in those hacks. (The data comes from Firefox Monitor, which Mozilla introduced a year ago.)
To access the report, click the shield-like icon in the address bar - it's at the far left of the bar - then select "Show Report" from the drop-down menu. Or type about:protections in the address bar and hit Enter to bring up the report.
Mozilla has ulterior motives in pushing the report. The more impressed users are by the report's totals - particularly the number of blocked trackers, cookies and content both - the more likely they are to stick with Firefox and recommend it to others.
Firefox has held on for the last two months in the fight over user share, but it's still in the sub-9% cellar. Mozilla has banked on its privacy work, notably ETP, to bring in new users (or bring back deserters), so the only surprise is that it waited until now to debut a report lauding its accomplishments.
Lock 'em up, Danno!
During the summer, Mozilla started showing off a built-in Lockwise password manager in an under-baked preliminary version of Firefox 70. In that same preview, Mozilla demonstrated how Lockwise worked alongside its already-available Firefox Monitor, a service that provides warnings to users when their saved passwords have been revealed by a data hack.
The release version of Firefox 70 puts the two - the Lockwise password manager and the Monitor password revelation tool - in the hands of all users. And almost the way Mozilla outlined it earlier.
While Lockwise will crank out a password for the user when she creates a new account on a site, it's not possible to ask the manager to craft one of those very strong passwords for an existing, stored account. That's a pity, because that feature comes in handy in a third-party password manager when its user is told - because of a data breach, for instance - to change a password. And make it strong while they're at it.
Other parts of Lockwise, notably those that come courtesy of the marriage between Lockwise and Firefox Monitor, are there, said Mozilla, but not testable because Computerworld couldn't come up with an account revealed by a breach. The collaboration as described sounds slick: Exposed accounts are to be marked on the Lockwise page with both an icon in the list on the left and with a more prominent note in the main section on the right. (A Mozilla video shows how it's supposed to look and work.)
One bit that was planned for the merger between Lockwise and Monitor - the ability to sort accounts so that revealed-by-hack usernames and passwords would be at the top of the list - didn't make the cut with Firefox 70, as it was absent in the version pushed to users Oct. 22.
Elsewhere in Firefox 70, Mozilla claimed that it significantly reduced the browser's power consumption on macOS (and published a technical thicket of a piece explaining that).
The next version, Firefox 71 - and the last of the year - should launch Dec. 3.