A critical flaw in Firefox and Tor Browser allowed malicious websites to generate persistent user identifiers by exploiting the predictable order in which the IndexedDB API returned entries, bypassing private browsing modes and Tor's "New Identity" feature. Both Mozilla and the Tor Project have released patches to address this vulnerability.
Privacy , Identity Firefox and Tor Browser vulnerability allowed hidden identifiers April 27, 2026 Share By SC Staff (Adobe Stock) Researchers uncovered a critical flaw in Firefox and Tor Browser that allowed websites to generate hidden, stable identifiers without cookies, Tech Radar reports. The vulnerability stemmed from the behavior of IndexedDB, a browser database used for storing large amounts of data. Researchers from Fingerprint discovered that the order in which IndexedDB returned entries was not random but reflected internal browser processes. This predictable order could be exploited by malicious websites to create a unique, persistent identifier for users, even when using private browsing modes or Tor Browser's "New Identity" feature. This method allowed for tracking users without relying on traditional cookies or other obvious tracking mechanisms. Both Mozilla and the Tor Project responded swiftly, releasing patches to address the vulnerability. Source: Tech Radar SC Staff Related Security Operations Telecom infrastructure exploited in global spy campaigns SC Staff April 24, 2026 The Citizen Lab's report details how surveillance vendors, operating as covert entities, piggybacked on legitimate cellular providers to access and exploit network weaknesses. Security Operations UK Biobank volunteer data appears on Alibaba SC Staff April 24, 2026 The discovery was revealed by UK technology minister Ian Murray in the House of Commons on Thursday, coinciding with Biobank's own confirmation of the data issue. Government Regulations House GOP eyes nationwide rules on data collection SC Staff April 23, 2026 CyberScoop reports that House Republicans have introduced a draft national digital privacy bill aimed at establishing business and consumer data protections against exploitation for advertising and other purposes. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Anonymization Authenticity Basic Authentication Biometrics Certificate-Based Authentication Challenge-Handshake Authentication Protocol (CHAP) Digest Authentication Discretionary Access Control (DAC) Geolocation Inference Attack You can skip this ad in 5 seconds