Firefox Patches Critical Tracking Flaw (CVE-2026-6770); LinkedIn Mobile Browsergate Exposes Data
This newsletter is AI generated and may hallucinate sometimes 😊
Firefox Bug CVE-2026-6770 Enabled Cross-Site Tracking and Tor Fingerprinting
- A critical Firefox bug, identified as CVE-2026-6770, allowed for severe cross-site tracking and direct fingerprinting of Tor Browser users.
- The vulnerability exploited a flaw in Firefox's handling of certain network requests, specifically involving HTTP headers and redirects, which could leak unique identifiers across different websites.
- Mozilla has patched CVE-2026-6770 in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10, urging all users to update their browsers immediately.
Source: Security Affairs | Date: April 22, 2026
LinkedIn Mobile App Vulnerable to 'Browsergate' Data Leak Flaw
- The "Browsergate" vulnerability affects the LinkedIn mobile app on both Android and iOS platforms, specifically in its handling of URLs and interaction with the device's default browser.
- This flaw can lead to sensitive data leakage, including session cookies, authentication tokens, and potentially other private information, to malicious third-party websites.
- The vulnerability arises from the LinkedIn app opening certain URLs directly in the default browser without adequate sanitization, allowing malicious JavaScript to execute within the victim's browser context.
Source: Security Affairs | Date: April 22, 2026
References
- Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting - Security Affairs
- LINKEDIN BROWSERGATE - Security Affairs