Mozilla bumped Firefox to version 90, launching an enhanced version of its anti-tracking technology that allows exceptions for logging in to sites with the user’s Facebook credentials.

The outfit’s engineers also patched nine vulnerabilities, five tagged as “High,” Firefox’s second-most-serious label. Two of the nine were found only in the Android edition of the browser, but none were marked “Critical,” the direst flaw category.

Firefox 90 can be downloaded for Windows, macOS, and Linux from Mozilla’s site. Because Firefox updates in the background, most users can relaunch the browser to install the latest version. To manually update on Windows, pull up the menu under the three horizontal bars at the upper right, then click the help icon. The resulting page or pop-up shows that the browser is already up to date or displays the upgrade process.

Unblocks Facebook log-ins

For June’s jump to version 89, Mozilla delivered an extensively tweaked user interface (UI) previously known by the code name “Proton.” Mozilla touted the changes as a significant look and feel overhaul, and said it was “designed to win you back” to the open-source browser, which has continued to slump in popularity. After a major effort upgrade, the follow-up, Firefox 90, was relatively sparse on new and shiny features meant to tempt users to abandon rivals.

In Firefox 90, anti-tracking “reacts by quickly unblocking the Facebook login script just in time for the sign-in to proceed smoothly,” according to Thomas Wisniewski and Arthur Edelstein, web compatibility engineer and senior product manager for privacy and security, respectively. In other words, the usual block is temporarily lifted long enough for authentication, at which point the block resumes so that a user is protected while navigating to other websites.

It seems odd that Mozilla, which prides itself on its privacy stance, and more specifically, with blocking trackers, has decided to initiate the feature with Facebook, whose privacy and tracking reputations are, to put it kindly, lamentable.

Background updates, but only for Windows

Background updates, which Mozilla broached in April, finally arrived in Firefox 90 for Windows users.

Prior to version 90, Firefox updated itself only when the browser was running. Much like rivals, including Chrome and Edge, Firefox looked for pending updates and upgrades when it was launched, then downloaded them in the background. The update or upgrade was not actually installed until the browser was restarted. Thus, users who left Firefox open indefinitely or spent weeks between system reboots might well be running an insecure version, even though a patched edition was available and already on their machine.

As of Firefox 90 on Windows, the browser will check for updates every seven hours when it’s not in use. Mozilla will, as it typically does, roll out this feature in stages, so not everyone will notice it immediately. Users can, however, enable the feature through the about config pane. Instructions for doing so can be found here.

Not our fault!

Elsewhere in Firefox 90, Mozilla added a diagnostic tool to the Windows version that users can reach by typing about third-party in the address bar and pressing Enter or Return. Some software, Mozilla said, loads code into browsers, Firefox included. “Sometimes, these applications load harmful modules that cause Firefox crashes, reduced performance, or compatibility issues,” Mozilla contended.

Mozilla seemed most interested in users not blaming Firefox for problems actually caused by these freeloading modules. “You may not notice that a malicious or unexpected module has been loaded and it may cause problems that appear to be Firefox issues,” Mozilla added.