Firefox 69 Disables Flash Support ad Default Tracking Cookies
Mozilla's latest Firefox browser, Firefox 69, now blocks third-party cookies by default. It also disables disables support for Adobe Flash Player by default. Mozilla also addressed several vulnerabilities in the browser. Mozilla has been planning to ramp up its efforts around blocking tracking cookies, and now with the release of Firefox 69, consumers can access those capabilities through a new default feature called Enhanced Tracking Protection.
Enhanced Tracking Protection works in the background to keep a company from forming a profile of you based on them tracking your browsing behavior across websites, often without your knowledge or consent. Those profiles and the information contained may then be sold and used for purposes you never intended.
In Firefox 69, if you see a purple shield icon on their address bar, Enhanced Tracking Protection is on. To see which companies Mozilla blocks, Firefox users can also click on the icon, go to the Content Blocking section, then click Cookies, where they can see Blocking Tracking Cookies. The feature also blocks cryptominers, which can access users' CPUs and drain battery power to generate cryptocurrency, as well as fingerprinting scripts, which gather a snapshot of computer configuration when users visit a website. To get protection from fingerprinting scripts Firefox users can turn on Strict Mode which Mozilla plans to turn on as default in later versions.
Firefox 69 also followed Google's Chrome 76 by disabling default support for Adobe Flash Player. The disabled default support means that Firefox users will now be required to manually enable Adobe Flash in Firefox 69. More importantly, the change signals another step toward the end of Flash in general, as Mozilla and other popular browsers to phase out the plugin. The news follows Adobe's announcement in July 2017 that it plans to push Flash into an end-of-life state, meaning that it will no longer update or distribute Flash Player at the end of 2020.
Firefox 69 also addresses security vulnerabilities. One critical vulnerability, CVE-11751, allows malicious code through command line parameters for Firefox browsers on Windows OS. The issue exists because logging related command line parameters are not properly scrutinized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location. Another flaw that was addressed is a use-after-free vulnerability, CVE-2019-11746, that could result in a exploitable crash. Another high severity flaw, a same-origin policy violation, CVE-2019-11742, which could allow data theft. Finally, a third flaw, flaw, CVE-2019-11736, was addressed which allowed file manipulation and privilege escalation in Mozilla Maintenance Service.