What's new and changed in Firefox 85.0

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Problem: ECH needs servers

While Firefox does support ECH, it is just one side of the coin as servers are needed for the feature to work. Cloudflare's test reveals that the SNI is not encrypted currently even while the feature is enabled in Firefox, and that indicates that the default provider, which is Cloudflare, has not enabled it yet.

Firefox users who used the feature prior to version 85.0 Stable found themselves in a precarious situation: Mozilla did remove the feature from the browser, but there was no option to use ECH yet; this in turn meant that privacy could be impacted. Users reported the issue on Mozilla's bug tracking site, some stating that dropped support would allow censorship mechanics to work again. All these reports appear to have received the "won't fix" status.

Mozilla suggests that users use Firefox ESR for the time being, as support for ESNI is still available in that browser. It is an option, but users would have to be aware of the change first to make the switch.

It is unclear why Mozilla removed support for ESNI early. It would have been better from a user point of view if Mozilla would have waited until servers would be available that support ECH. Cloudflare, being the default provider in Firefox, being a prime choice for that.

Firefox users who require it may switch to ESR for the time being. ECH looks more promising than ESNI, but Mozilla's timing could have been better.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top