Firefox Vulnerability Allows Tor User Fingerprinting
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10. The post Firefox Vulnerability Allows Tor User Fingerprinting appeared first on SecurityWeek .
AI Analysis
Technical Summary
The vulnerability CVE-2026-6770 affects Firefox and the Tor Browser by leaking a stable identifier via the IndexedDB API. Firefox stores IndexedDB database names with internal UUID mappings, and the order in which these databases are listed remains consistent across different sites during the same browser session. This consistency allows unrelated websites to link user sessions and fingerprint users despite Private Browsing mode or Tor's New Identity feature, which are designed to isolate user activity. Mozilla rated the issue as medium severity and patched it in Firefox 150. The Tor Project also incorporated the fix in Tor Browser 15.0.10.
Potential Impact
The vulnerability allows threat actors to fingerprint users in Firefox's Private Browsing mode and Tor Browser's New Identity sessions by linking activity across different sites without relying on cookies or shared storage. This undermines privacy protections intended to isolate browsing sessions and protect user anonymity. The fingerprint persists until the browser process is restarted. There are no known exploits in the wild reported at this time.
Mitigation Recommendations
This vulnerability has been officially patched by Mozilla and the Tor Project. Users should update to Firefox 150 or later and Tor Browser 15.0.10 or later to mitigate this issue. No additional user action is required beyond applying these updates. Patch status is confirmed by vendor advisories.
Firefox Vulnerability Allows Tor User Fingerprinting
Description
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10. The post Firefox Vulnerability Allows Tor User Fingerprinting appeared first on SecurityWeek .
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-6770 affects Firefox and the Tor Browser by leaking a stable identifier via the IndexedDB API. Firefox stores IndexedDB database names with internal UUID mappings, and the order in which these databases are listed remains consistent across different sites during the same browser session. This consistency allows unrelated websites to link user sessions and fingerprint users despite Private Browsing mode or Tor's New Identity feature, which are designed to isolate user activity. Mozilla rated the issue as medium severity and patched it in Firefox 150. The Tor Project also incorporated the fix in Tor Browser 15.0.10.
Potential Impact
The vulnerability allows threat actors to fingerprint users in Firefox's Private Browsing mode and Tor Browser's New Identity sessions by linking activity across different sites without relying on cookies or shared storage. This undermines privacy protections intended to isolate browsing sessions and protect user anonymity. The fingerprint persists until the browser process is restarted. There are no known exploits in the wild reported at this time.
Mitigation Recommendations
This vulnerability has been officially patched by Mozilla and the Tor Project. Users should update to Firefox 150 or later and Tor Browser 15.0.10 or later to mitigate this issue. No additional user action is required beyond applying these updates. Patch status is confirmed by vendor advisories.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/firefox-vulnerability-allows-tor-user-fingerprinting/","fetched":true,"fetchedAt":"2026-04-27T08:45:04.983Z","wordCount":969}
Threat ID: 69ef2210ba26a39fba0e3f9d
Added to database: 4/27/2026, 8:45:04 AM
Last enriched: 4/27/2026, 8:45:11 AM
Last updated: 6/12/2026, 12:59:43 AM
Views: 210
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.