Mozilla has plugged a privacy-related security hole in Firefox 13 and released a fixed version of its web browser. The flaw allowed the software's speed-dial-alike "new tab" feature to take snapshots of supposedly secure HTTPS sessions. Punters sounded the alarm over the feature that, for example, revealed online bank account …
Or you can modify the about:config to make the new tab a homepage or blank.
Re: Modify about:config
I did like Firefox's 'Here be dragons!' warning, and the 'I'll be careful, I promise' button to continue :)
For those lost in the giant list of properties, it's
browser.newtab.url to set the homepage on a new tab instead of speed-dial.
browser.newtabpage.enabled - set to false to blank the speed-dial tab page.
Re: Modify about:config
Or just click on the tiny button on the right-upper corner
Re: Modify about:config
"browser.newtab.url to set the homepage on a new tab instead of speed-dial.
browser.newtabpage.enabled - set to false to blank the speed-dial tab page."
I believe it's A *and* B, rather than "or". The reason being that if you only use browser.newtab.url, then the thumbnails are still being generated and saved to persistent storage, even if they are not actually displayed in the new tab thingy. Only the second option actually stops the thumbnails from being generated.
I read this in some forum a while ago, sorry, I no longer have the reference handy.
Chrome shows https snapshots on New Tab
Just checked: Chrome shows snapshots of https sites on New Tab - Most visited.
What I wonder
How in the hell did it unfailingly spot my banking website as one to put on the "speed dial"? I mean, it's one thing if that's the last place I've been, but if it's been three weeks since I last visited there, what the hell is my (formerly) recent activity still showing up there for?
..Opera has.. etc. etc. etc.
Slightly off topic, but...
Is it just me or does the latest version's theme/persona/style thing look "flat" like the Office demo that was shown the other day, all the 3D style raised buttons and shadow seem to have been taken away. Is this so it will run better on lower spec'd machines?
Re: Slightly off topic, but...
Probably... I'd say Microsoft made the buttons 2D because they wanted this latest version of Office to be used on a flat Surface.
Firefox has been sucking for a while anyway. Clicking refresh to get to what I want to see, even on fairly competent sites, is not what I want from my browser. It's better to use IE and just keep important data off your computer than to have to deal with the updates, restarts and incompatible add-ons all the time. Iterations... I'd like to iterate right in their eyes.
Check out the stats if you doubt. IE has overcome its previous security issues and still provides enhanced functionality with hundreds of thousands of websites that don't want to deal with coding for 'the other browsers'. From a business perspective it's better just to go with IE and make your environment cohesive and common. From a more geeky point IE v9x is consuming less than half of system resources compared to FF v13. Why would I even add that kind of stress to my dept? Yes your computer is going slower and your security may have been compromised with the last update but use it anyway?
While your suggestions are not applicable in my case, as both my personal and work computing environments are totally Linux-based, I am afraid that you might be correct in your analysis. Mozilla have lost all sense of direction and purpose for a while already, and Firefox in particular is becoming more annoying by the day. They may have "jumped the shark", as the septics say.
I can't find this 'Internet Explorer' you speak of anywhere in the Canonical repositories. Do you have a link to the source?
Caching in general
I don't get the need for this any more. Originally it was to save load times (when you had a 96k dial-up) and was useful. Most content these days is dynamic and we have faster connections. I set my cache size to be zero.
Don't expect agreement, it's just my opinion.
Off topic (ish) I know...
Re: Caching in general
I've never set it to zero but always set it to a low value (typically ~20MB), that way hitting the "back" button can be speeded up, but limits the build up of dross and it also seems to make FF start up a little faster.
Facebook screws something up: RAGE
Google screws something up: RAGE
Microsoft screws something up: RAGE
Apple screws something up: RAGE
Mozilla screws something up: Suggestions on how to work around the problem.
Where's all the rage? Or is FF leaking sensitive information not a problem?
There's a reason for that
Facebook, Google, Microsoft, Apple: Privacy-invading, commercial scumbags.
Mozilla: Trying to do the decent thing.
Re: There's a reason for that
Facebook would argue they are trying to improve the user experience every time they screw up and people still call them out for failing to protect privacy.
I don't really care what Mozilla's intentions were, the fact is that they failed, this time, on a fairly obvious privacy issue. I'd question why anything received over HTTPS hits the cache in the first place, but that's a different argument. The point here is that they took sensitive data from a secure session and made a thumbnail of it and that is a massive fail. Had MS/Google done this with IE/Chrome, this thread would be glowing from the amount of criticism being posted, and rightly so.
That lasted about 5 minutes
When I first updated to the Beta and saw the new tab thing I didn't even think about the security issue. I use the history and keywords on bookmarks to get to my frequently-visited sites so I just thought it was a complete waste of resources and immediately searched for a way to turn it off.
Hooray for about:config.
Tried to use Chrome, but ...
I use the New Tab Homepage add-on for Firefox to show my home page on open of a new tab. My home page is a local file with my favourite links etc.
Tried to emulate this with Chrome, no joy.
With Firefox it takes almost no time to get to a specific site. Chrome is supposed to be fast but the lack of this ability kills it for me. And don't get me started about the lack of decent add-ons.
Re: Tried to use Chrome, but ...
Also, Chrome will never be secure because Google are one of the bad guys.
Can't find a 'speed dial' new tab anywhere in my Firefox... Wanted to check it out...
Consult Mozilla docs - a message is displayed "this does not relate to your version of Firefox"
Go to latest download page - latest version 14.0.1
Help>About Firefox - my version 14.0.1
What's going on here?
While the fix sounds good on the surface, to me it sounds like something very wrong is happening. It sounds like they're designing the browser to behave differently for specific sites. How does Firefox know what a "sensitive" site looks like anyway? The "automatically encrypts google" thing sounds similar (unless they're just talking about when you search from the toolbar).