Firefox Privacy Vulnerability: IndexedDB Database Ordering Enables Cross-Origin User Fingerprinting
By danpinto
Summary
Researchers discovered a privacy vulnerability in Firefox-based browsers (including Firefox Private Browsing and Tor Browser) that allows websites to fingerprint and track users across different origins. The vulnerability exploits the deterministic ordering of IndexedDB database entries, which creates a unique, stable identifier that persists for the browser process lifetime. This enables unrelated websites to link user identities even in private browsing modes, undermining privacy protections users expect from these browsers.
Key quotes
The issue allows websites to derive a unique, deterministic, and stable process-lifetime identifier from the order of entries returned by IndexedDB, even in contexts where users expect stronger isolation.
This means a website can create a set of IndexedDB databases, inspect the returned ordering, and use that ordering as a fingerprint for the running browser process.
Because the behavior is process-scoped rather than origin-scoped, unrelated websites can independently observe the same identifier and link activ
We discovered a privacy vulnerability in Firefox Private Browsing and Tor Browser that allows websites to fingerprint and track users across origins using IndexedDB database ordering, even after closing all private windows.