Firefox 133 adds privacy-boosting ‘bounce tracking’ protection

The release of Firefox 133 brings further improved privacy protection through bounce tracking protection. A number of fixed vulnerabilities improve security. Firefox ESR, Tor Browser and Thunderbird also receive updates.

Mozilla’s security report 2024-63 lists 17 fixed vulnerabilities for Firefox 133. Mozilla classifies two of the vulnerabilities as high risk: CVE-2024-11691 only affects Mac computers with Apple’s M processors (“Apple Silicon”). Here, certain WebGL operations can lead to exploitable memory errors. CVE-2024-11699 concerns summarized, internally discovered vulnerabilities. These could potentially be exploited to execute arbitrary code. Several of the vulnerabilities categorized as medium risk only affect Android.

What’s new in Firefox 133

The biggest new feature in Firefox 133 is privacy protection. The new anti-tracking function, called Bounce Tracking Protection, recognizes bounce trackers by their redirection behavior. Bounce trackers are designed to trick anti-tracking measures. Firefox regularly deletes associated cookies and website data. The prerequisite is that you have selected strict mode in Settings > Privacy & security > Improved protection against activity tracking.

GPU-accelerated Canvas2D is now enabled by default on Windows computers, which should improve performance. Like WebGL, the Canvas API is used to draw text, images and shapes.

Updates for Firefox ESR, Tor Browser and Thunderbird

Mozilla has updated its long-term versions Firefox ESR 128 and ESR 115 and also eliminated vulnerabilities. Nine vulnerabilities have been fixed in Firefox ESR 128.5.0 and two in Firefox ESR 115.18.0. The updated Tor Browser 14.0.3 is based on Firefox ESR 128.5.0, but the Tor developers state that they have also ported security improvements from Firefox 133. An update for Tor Browser 13.5 to 13.5.10 is also available if you are running Windows 7 / 8.1 or macOS 10.13 / 10.14. Firefox ESR 115 and the Tor Browser 13.5 based on it will be supported at least until March 2025.

The update to Thunderbird 128.5.0esr fixes nine vulnerabilities and some bugs. In contrast to Firefox, Thunderbird no longer supports older operating system versions – version 115.16.2 is the end of the line for Thunderbird 115. Thunderbird 133 (without “esr”) is currently only available for testing purposes (troubleshooting). Thunderbird for Android has now been released and is available as version 8.0 without beta status on Google Play.

Mozilla plans to release Firefox 134 at the beginning of January.