Firefox Bug CVE-2026-6770 Allows Tracking of Tor Users

Firefox Bug CVE-2026-6770 Allows Tracking of Tor Users

First seen 27 Apr 2026, 12:02 UTC News.Risky.BizSecurityaffairs.CoScworld 76% similarity 57.8

Article Content

Browse articles
ThreatCluster

A newly discovered vulnerability, CVE-2026-6770, allows attackers to fingerprint users of Firefox and Tor browsers, even in Private Browsing mode. The flaw, identified in the IndexedDB API, enables the creation of a database that can be queried to track users across different sessions. This vulnerability affects both standard and private browsing modes in Firefox and the Tor Browser, undermining the privacy protections intended by Tor's New Identity feature. Mozilla has released patches in Firefox 150 and Tor Browser 15.0.10 to address this issue. The bug went largely unnoticed amid other security discussions, despite its significant implications for user privacy. Users are advised to update their browsers promptly to mitigate the risk of being tracked. The vulnerability was publicly disclosed on April 21, 2026, and the patches were released shortly thereafter.

Key Points: • CVE-2026-6770 allows tracking of Firefox and Tor users via IndexedDB. • The vulnerability affects both normal and Private Browsing modes. • Patches were released in Firefox 150 and Tor Browser 15.0.10 on April 21, 2026.

ThreatCluster AI

Timeline

2024-05-02
CVE-2024-32114 published
2026-02-10
CVE-2026-21510 published
2026-04-07
CVE-2026-34197 published
2026-04-14
CVE-2026-32202 published
2026-04-21
CVE-2026-6770 published, vulnerability disclosed
2026-04-21
Patches released for Firefox 150 and Tor Browser 15.0.10

Community

Browse all →