Firefox 79 makes some links more secure

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
by Martin Brinkmann on June 25, 2020 in Firefox - Last Update: June 25, 2020

Mozilla plans to introduce a change in an upcoming version of Firefox Stable that makes the handling of links more secure. The organization introduced an option in Firefox Nightly back in November 2018 that set the link attribute rel="noopener" if target="_blank" is set.

The target="_blank" directive orders the web browser to open the target of the link in a new browser tab; otherwise, the link will be opened in the same tab.

The problem with target="_blank" is that the resource of the link gets full control over the originating window object even if it is a different site. You can check out this -- harmless -- demo of how the linked resource may manipulate content on the originating page.

Basically, it allows the target site to change content on the originating site, e.g. to use it for phishing or to change information on the originating page. A user who switches back to the originating tab might not notice the manipulation.

Advertisers may abuse the functionality as well, e.g. to display advertisement on the linking site.
ghacks-rel-noopener.png

Webmasters may set rel="noopener" for links to protect users and their sites against any form of manipulation. We set the attribute for all links automatically here on Ghacks, but many sites don't.

Mozilla plans to set rel="noopener" for all links that use target="_blank" from Firefox 79 onward. It is interesting to note that setting rel="noopener" may also improve performance.

Webmasters who want to retain the classic behavior need to set "rel="opener" manually to ensure that the functionality remains active.

Mozilla plans to release Firefox 79 on July 28, 2020 according to the Firefox release schedule. It is unclear why it took so long to get implemented in Firefox Stable.

Apple has introduced the same functionality in the company's Safari browser in March 2019, and Google plans to introduce it in Chrome as well in the future.

Firefox users and other browser users can also install browser extensions such as Don't Touch My Tabs to set rel="noopener" automatically.

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top