back to article Firefox 14 tabs no longer sneak a peek at users' privates

Mozilla has plugged a privacy-related security hole in Firefox 13 and released a fixed version of its web browser. The flaw allowed the software's speed-dial-alike "new tab" feature to take snapshots of supposedly secure HTTPS sessions. Punters sounded the alarm over the feature that, for example, revealed online bank account …

COMMENTS

This topic is closed for new posts.
Boffin

Modify about:config

Or you can modify the about:config to make the newtab a homepage or blank.

3
1
Silver badge

Re: Modify about:config

I did like Firefox's 'Here be dragons!' warning, and the 'I'll be careful, I promise' button to continue :)

For those lost in the giant list of properties, it's

browser.newtab.url to set the homepage on a new tab instead of speed-dial.

or

browser.newtabpage.enabled - set to false to blank the speed-dial tab page.

1
1

Re: Modify about:config

Or just click on the tiny button on the right-upper corner

7
1
Anonymous Coward

Re: Modify about:config

"browser.newtab.url to set the homepage on a new tab instead of speed-dial.

or

browser.newtabpage.enabled - set to false to blank the speed-dial tab page."

I believe it's A *and* B, rather than "or". The reason being that if you only use browser.newtab.url, then the thumbnails are still being generated and saved to persistent storage, even if they are not actually displayed in the new tab thingy. Only the second option actually stops the thumbnails from being generated.

I read this in some forum a while ago, sorry, I no longer have the reference handy.

1
0
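An added example, not part of any comment in this thread and not Mozilla's code: a Python check that reads the text of a profile's prefs.js and user.js and reports whether both preferences named in the comments above are set. The function names and the sample file contents are constructed for illustration; the check only reads the settings and does not confirm what Firefox does with thumbnails.

```python
import re

# The two preference names are the ones quoted in the comments above.
NEWTAB_URL = "browser.newtab.url"
NEWTAB_ENABLED = "browser.newtabpage.enabled"

# Matches lines of the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample file contents (not taken from a real profile).
SAMPLE_PREFS_JS = """
// Mozilla User Preferences
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.newtabpage.enabled", true);
"""
SAMPLE_USER_JS = 'user_pref("browser.newtabpage.enabled", false);\n'

def parse_prefs(text):
    """Return {name: value} for every user_pref line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw  # integers and anything else, kept as text
    return prefs

def audit_newtab(prefs_js, user_js=""):
    """List which of the two settings is missing; user.js overrides prefs.js."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    findings = []
    # An absent pref and an explicit true are both reported as "not false".
    if merged.get(NEWTAB_ENABLED, True) is not False:
        findings.append(NEWTAB_ENABLED + " is not false")
    if NEWTAB_URL not in merged:
        findings.append(NEWTAB_URL + " is not set")
    return findings

if __name__ == "__main__":
    print(audit_newtab(SAMPLE_PREFS_JS))
    print(audit_newtab(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```
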
FAIL

Chrome shows https snapshots on New Tab

Just checked: Chrome shows snapshots of https sites on New Tab - Most visited.

Not good...

3
0

What I wonder

How in the hell did it unfailingly spot my banking website as one to put on the "speed dial"? I mean, it's one thing if that's the last place I've been, but if it's been three weeks since I last visited there, what the hell is my (formerly) recent activity still showing up there for?

1
6
Anonymous Coward

But..

..Opera has.. etc. etc. etc.

2
1

Slightly off topic, but...

Is it just me or does the latest version's theme/persona/style thing look "flat" like the Office demo that was shown the other day, all the 3D style raised buttons and shadow seem to have been taken away. Is this so it will run better on lower spec'd machines?

0
0
Silver badge
Coat

Re: Slightly off topic, but...

Probably... I'd say Microsoft made the buttons 2D because they wanted this latest version of Office to be used on a flat Surface.

0
0
Silver badge
FAIL

Ugh

Firefox has been sucking for a while anyway. Clicking refresh to get to what I want to see, even on fairly competent sites, is not what I want from my browser. It's better to use IE and just keep important data off your computer than to have to deal with the updates, restarts and incompatible add-ons all the time. Iterations... I'd like to iterate right in their eyes.

Check out the stats if you doubt. IE has overcome its previous security issues and still provides enhanced functionality with hundreds of thousands of websites that don't want to deal with coding for 'the other browsers'. From a business perspective it's better just to go with IE and make your environment cohesive and common. From a more geeky point IE v9x is consuming less than half of system resources compared to FF v13. Why would I even add that kind of stress to my dept? Yes your computer is going slower and your security may have been compromised with the last update but use it anyway?

2
10
Anonymous Coward

Re: Ugh

While your suggestions are not applicable in my case, as both my personal and work computing environments are totally Linux-based, I am afraid that you might be correct in your analysis. Mozilla have lost all sense of direction and purpose for a while already, and Firefox in particular is becoming more annoying by the day. They may have "jumped the shark", as the septics say.

2
4
Silver badge
Trollface

Re: Ugh

I can't find this 'Internet Explorer' you speak of anywhere in the Canonical repositories. Do you have a link to the source?

3
0
Anonymous Coward

Caching in general

I don't get the need for this any more. Originally it was to save load times (when you had a 96k dial-up) and was useful. Most content these days is dynamic and we have faster connections. I set my cache size to be zero.

Don't expect agreement, it's just my opinion.

Off topic (ish) I know...

3
0
Anonymous Coward

Re: Caching in general

I've never set it to zero but always set it to a low value (typically ~20MB), that way hitting the "back" button can be speeded up, but limits the build up of dross and it also seems to make FF start up a little faster.

1
0
Anonymous Coward

Facebook screws something up: RAGE

Google screws something up: RAGE

Microsoft screws something up: RAGE

Apple screws something up: RAGE

Mozilla screws something up: Suggestions on how to work around the problem.

Where's all the rage? Or is FF leaking sensitive information not a problem?

1
4
Silver badge
FAIL

There's a reason for that

Facebook, Google, Microsoft, Apple: Privacy-invading, commercial scumbags.

Mozilla: Trying to do the decent thing.

6
1
Anonymous Coward

Re: There's a reason for that

Facebook would argue they are trying to improve the user experience every time they screw up and people still call them out for failing to protect privacy.

I don't really care what Mozilla's intentions were, the fact is that they failed, this time, on a fairly obvious privacy issue. I'd question why anything received over HTTPS hits the cache in the first place, but that's a different argument. The point here is that they took sensitive data from a secure session and made a thumbnail of it and that is a massive fail. Had MS/Google done this with IE/Chrome, this thread would be glowing from the amount of criticism being posted, and rightly so.

0
1
Anonymous Coward

That lasted about 5 minutes

When I first updated to the Beta and saw the new tab thing I didn't even think about the security issue. I use the history and keywords on bookmarks to get to my frequently-visited sites so I just thought it was a complete waste of resources and immediately searched for a way to turn it off.

It reminded me of Internet Explorer where you either had to launch from a program icon or had to use JavaScript to open a blank window because some twat decided that if you're browsing and open another window you obviously want to go to the same site.

Hooray for about:config.

1
0
Holmes

Tried to use Chrome, but ...

I use the New Tab Homepage add-on for Firefox to show my home page on open of a new tab. My home page is a local file with my favourite links etc.

Tried to emulate this with Chrome, no joy.

With Firefox it takes almost no time to get to a specific site. Chrome is supposed to be fast but the lack of this ability kills it for me. And don't get me started about the lack of decent add-ons.

1
0
Anonymous Coward

Re: Tried to use Chrome, but ...

Also, Chrome will never be secure because Google are one of the bad guys.

0
0
Anonymous Coward

What's this?

Can't find a 'speed dial' new tab anywhere in my Firefox... Wanted to check it out...

Consult Mozilla docs - a message is displayed "this does not relate to your version of Firefox"

Go to latest download page - latest version 14.0.1

Help>About Firefox - my version 14.0.1

What's going on here?

1
0
Silver badge

Bass Ackwardss

While the fix sounds good on the surface, to me it sounds like something very wrong is happening. It sounds like they're designing the browser to behave differently for specific sites. How does Firefox know what a "sensitive" site looks like anyway? The "automatically encrypts google" thing sounds similar (unless they're just talking about when you search from the toolbar).

0
0