Firefox 96.0.3, a maintenance release, and a new long-term support release of Firefox 91.5.1 are now available. These releases address a bug that, under certain circumstances, could cause unnecessary data to be sent to the telemetry server. The overall share of unwanted data among all event logs on telemetry servers is estimated at 0.0013% for desktop Firefox, 0.0005% for Android-versions of Firefox and 0.0057% for Firefox Focus.
Under normal conditions, the browser transmits "search codes" ("search code"), assigned by search service providers and allowing you to understand how many queries the user has sent through a partner search engine. Search codes by themselves do not reveal the content of search queries and do not include any identifiable or unique information. When accessing a search engine, the search code is specified in the URL, and together with the telemetry, search code counters are transmitted, allowing you to understand that the correct code was sent when accessing the search engine and the search engine was not replaced by malware.
The essence of the identified problem is that if the user accidentally edits part of the URL with the search code, the content of this modified field will also be sent to server Telemetry. Accidental, unintentional changes pose a risk. For example, if a user accidentally adds "example@example.com" to the "&client=firefox-bd" field from the clipboard, the telemetry value will be "firefox-b-dexample@example.com."
Source: opennet.ru
