Mozilla has released Firefox 145, introducing a significant upgrade to its anti-fingerprinting technology that substantially reduces the number of users vulnerable to this form of covert tracking. This update represents the completion of the second phase of a multi-year privacy initiative, moving beyond simply blocking known malicious scripts to proactively limiting the system information the browser exposes to all websites. According to Mozilla, these new defenses reduce the number of Firefox users who can be uniquely identified by nearly 50%2, a statistic that has direct implications for the fidelity of data collected during adversary reconnaissance phases.
For security professionals, browser fingerprinting is not merely a privacy concern but a tool frequently leveraged during the initial stages of a targeted attack. By creating a unique identifier from a combination of hardware and software characteristics, threat actors can track potential targets across the web, build detailed profiles of organizational software fleets, and identify anomalous systems for further exploitation. The new protections in Firefox 145 aim to disrupt this data collection by standardizing the values returned for specific, highly identifying system properties, thereby making a larger portion of the user base appear identical to tracking scripts.
Technical Implementation of New Protections
The core of the Firefox 145 upgrade lies in its proactive limitation of specific JavaScript APIs that are commonly abused for fingerprinting. Unlike the initial 2019 approach which relied on a blocklist of known fingerprinting domains6, this new phase applies a “layered approach” that restricts information exposure to all websites by default to combat stealthy trackers not yet on blocklists4. The browser now returns standardized or “quantized” values for several key data points. The number of processor cores, accessible via `navigator.hardwareConcurrency`, is reported as “2” regardless of the actual core count on the user’s machine. Similarly, the number of simultaneous touchpoints a screen supports (`navigator.maxTouchPoints`) is standardized to 0, 1, or 5. For screen metrics, the available screen space (`screen.availHeight`) is reported as the full resolution minus a fixed 76 pixels in height2, 3. This technique increases anonymity by collapsing many unique hardware configurations into a smaller set of common profiles.
Mozilla has carefully balanced these privacy enhancements against the need for website compatibility. Legitimate web applications, such as calendar tools that require accurate time zones or graphics-intensive games that need specific GPU information, are granted exemptions to ensure core functionality is not degraded1, 3. This balance is critical for widespread adoption and avoids the pitfalls of earlier, more aggressive fingerprinting protections that often broke website functionality. The protections are enabled by default in Private Browsing mode and when Enhanced Tracking Protection (ETP) is set to “Strict,” but can be customized by users in the “Custom” ETP settings5.
Strategic Relevance for Security Operations
The evolution of Firefox’s anti-fingerprinting strategy presents a shifting landscape for both offensive and defensive security operations. For red teams, the reliability of fingerprinting data for target identification and tracking is diminished. A script that previously could distinguish between a developer’s high-performance workstation and a standard corporate laptop may now receive identical hardware concurrency data from both, complicating efforts to prioritize targets based on system value. This reduction in signal granularity forces a reassessment of reconnaissance techniques that over-rely on passive browser fingerprinting, potentially pushing threat actors toward more active and detectable probing methods.
For blue teams and security architects, the widespread adoption of these protections within an organization can serve as a form of herd immunity for the corporate fleet. By making a large portion of the user base indistinguishable based on specific hardware and software characteristics, it becomes more difficult for attackers to single out high-value targets or identify vulnerable software versions during the reconnaissance phase. This aligns with the principle of reducing the attack surface. System administrators should be aware that these protections can, in rare cases, cause compatibility issues with legacy internal web applications; the recommended troubleshooting step is to temporarily disable ETP for the specific site via the shield icon in the address bar and report any “broken site” to Mozilla for analysis5.
Historical Context and Future Trajectory
The release of Firefox 145 is not an isolated event but the latest step in a strategy that began in 2019. The initial phase, introduced in Firefox 67 (Beta) and Firefox 68 (Nightly), focused on a blocklist-based approach in partnership with Disconnect to block scripts from domains known for fingerprinting and cryptomining6. This was a reactive measure, effective only against known malicious actors. The current phase represents a fundamental shift to a proactive defense, limiting the information available from the start. This evolution mirrors a broader trend in security from blacklisting to proactive containment and system hardening.
Looking forward, the continued development of these technologies will likely focus on closing remaining gaps in the fingerprinting surface. Community discussions, such as those on the `r/firefox` subreddit regarding “Resist Fingerprinting Exemptions”7, indicate ongoing engagement with the technical implementation and potential loopholes. As fingerprinting techniques evolve to use more complex combinations of data points, browser vendors will be forced to expand the scope of their protections, potentially standardizing additional APIs. This creates a cyclical arms race between trackers and browser developers, with significant implications for the future of anonymous browsing and the cost of conducting large-scale reconnaissance.
The introduction of stronger anti-fingerprinting defenses in Firefox 145 marks a substantial step in protecting user privacy and complicating the efforts of threat actors who rely on passive reconnaissance. By standardizing key system identifiers, Mozilla has effectively reduced the utility of a common tracking method. For security teams, this development underscores the importance of understanding the technical mechanisms behind privacy features, as they directly impact the tactics and procedures used in both attacking and defending modern digital environments. As browser-based defenses continue to mature, they will play an increasingly important role in the overall security posture of organizations.
