Firefox Bug CVE-2026-6770 Allows Tracking of Tor Users

Severity: Medium (Score: 57.8)

Sources: Securityaffairs.Co, News.Risky.Biz

Summary

A newly discovered vulnerability, CVE-2026-6770, allows attackers to fingerprint users of Firefox and Tor browsers, even in Private Browsing mode. The flaw, identified in the IndexedDB API, enables the creation of a database that can be queried to track users across different sessions. This vulnerability affects both standard and private browsing modes in Firefox and the Tor Browser, undermining the privacy protections intended by Tor's New Identity feature. Mozilla has released patches in Firefox 150 and Tor Browser 15.0.10 to address this issue. The bug went largely unnoticed amid other security discussions, despite its significant implications for user privacy. Users are advised to update their browsers promptly to mitigate the risk of being tracked. The vulnerability was publicly disclosed on April 21, 2026, and the patches were released shortly thereafter.

Key Points:

  • CVE-2026-6770 allows tracking of Firefox and Tor users via IndexedDB.
  • The vulnerability affects both normal and Private Browsing modes.
  • Patches were released in Firefox 150 and Tor Browser 15.0.10 on April 21, 2026.

Key Entities

  • Data Breach (attack_type)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Ransomware (attack_type)
  • Worm (attack_type)
  • Glassworm Campaign (campaign)
  • Modbus Campaign (campaign)
  • 7-Eleven (company)
  • Canada Life (company)
  • Carnival (company)
  • Favelle Favco (company)
  • Harrison County (company)
  • Udemy (platform)
  • Firefox (platform)
  • Tor Browser (platform)
  • VSCode (platform)
  • Windows (platform)
  • Canada (country)
  • China (country)
  • Nigeria (country)
  • Russia (country)
  • Türkiye (country)
  • CVE-2024-32114 (cve)
  • CVE-2026-21510 (cve)
  • CVE-2026-32202 (cve)
  • CVE-2026-34197 (cve)
  • CVE-2026-6770 (cve)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • antenna.gr (domain)
  • in.gr (domain)
  • Financial (industry)
  • Fast16 (malware)
  • Glassworm (malware)
  • Morpheus (malware)
  • Urelas (malware)
  • Lotus Wiper (malware)
  • T1566 - Phishing (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Safepay (ransomware_group)