Researchers have identified a vulnerability (CVE-2026-6770) in Firefox and the Tor browser that allows threat actors to fingerprint users, even in Private Browsing mode, by exploiting the IndexedDB API to link user activity across different sites. Mozilla has addressed the issue in Firefox 150, while the Tor Project has also implemented the patch in Tor Browser 15.0.10.
The key insight for you is that a vulnerability (CVE-2026-6770) affecting Firefox and the Tor browser allows threat actors to fingerprint users even in Private Browsing mode, which defeats Tor's "New Identity" feature. This could have significant implications for privacy and anonymity efforts. Ensure your organization's users update to the latest versions (Firefox 150 and Tor Browser 15.0.10) where this vulnerability has been patched, and consider revisiting your privacy protocols, especially if relying on these browsers for secure and anonymous communications.