Researchers discovered a privacy vulnerability in Firefox-based browsers whereby the order of IndexedDB databases returned by the indexedDB.databases() API serves as a stable, process-scoped identifier. This allows unrelated websites to link user activity across origins and defeats privacy features in Firefox Private Browsing and Tor Browser, including Tor's “New Identity” function, by exposing a deterministic fingerprint until the browser process restarts. Mozilla has released a fix that canonicalizes the database order to eliminate this leakage and restore expected privacy guarantees.
https://fingerprint.com/blog/firefox-tor-indexeddb-privacy-vulnerability/

