Firefox and Tor Browser Uniquely Vulnerable to Stable Identifier Leak

Researchers from Fingerprint.com have uncovered a significant privacy flaw affecting Firefox-based browsers, including Tor Browser. The vulnerability stems from how IndexedDB databases are enumerated via indexedDB.databases(). The order in which these databases are returned can serve as a stable identifier, linking a browser’s activity across different sites within a single session.

This bypasses standard privacy protections. In Tor Browser, this identifier persisted even after using the ‘New Identity’ feature, which is designed to break such tracking. With just 16 database names, attackers can achieve approximately 44 bits of entropy, sufficient to uniquely fingerprint a specific browser instance. Mozilla has already released patches for Firefox 150 and ESR 140.10.0 to address this issue.
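To make the 44-bit figure concrete, the following added example (not code from the article, Fingerprint.com or Mozilla) measures how much information an ordering of database names carries and shows that a canonical order carries none. The function names, sample database names and the sorting mitigation are assumptions for illustration; the article does not describe how the patch works.

```javascript
// Added illustration: models the leak on plain arrays; it never calls indexedDB.

// Bits of information carried by the order of n distinct names: log2(n!).
function orderingEntropyBits(n) {
  let bits = 0;
  for (let k = 2; k <= n; k++) bits += Math.log2(k);
  return bits;
}

// Lexicographic rank of an observed order among all n! orders (Lehmer code).
// Distinct orders give distinct integers in [0, n!), so the order is an identifier.
function permutationRank(observed) {
  const remaining = [...observed].sort();
  let rank = 0n;
  for (const name of observed) {
    const idx = remaining.indexOf(name);
    rank = rank * BigInt(remaining.length) + BigInt(idx);
    remaining.splice(idx, 1);
  }
  return rank;
}

// Assumed mitigation for illustration: return names in a canonical (sorted) order
// so the result no longer depends on per-process internal state.
function canonicalOrder(names) {
  return [...names].sort();
}

// Constructed sample: 16 hypothetical database names in two per-process orders.
const names = Array.from({ length: 16 }, (_, i) => "db" + String(i).padStart(2, "0"));
const processA = names.map((_, i) => names[(i * 5 + 3) % 16]); // constructed order
const processB = names.map((_, i) => names[(i * 7 + 9) % 16]); // constructed order

function demo() {
  return {
    bits: orderingEntropyBits(names.length),
    rankA: permutationRank(processA),
    rankB: permutationRank(processB),
    rankAfterFixA: permutationRank(canonicalOrder(processA)),
    rankAfterFixB: permutationRank(canonicalOrder(processB)),
  };
}

console.log(demo());
```

Sixteen names allow 16! orderings, which is where the roughly 44 bits come from; once the order is canonical, every browser instance reports the same rank and the signal disappears.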

What This Means For You

  • If you are using Firefox or any browser based on its engine (including Tor Browser), update immediately. This vulnerability allows for persistent browser fingerprinting, undermining anonymity and potentially linking user activity across sessions and even across Tor identity switches. Ensure your entire user base is running patched versions.
