back to article Firefox 14 tabs no longer sneak a peek at users' privates

Mozilla has plugged a privacy-related security hole in Firefox 13 and released a fixed version of its web browser. The flaw allowed the software's speed-dial-alike "new tab" feature to take snapshots of supposedly secure HTTPS sessions. Punters sounded the alarm over the feature that, for example, revealed online bank account …

COMMENTS

This topic is closed for new posts.
  1. Ryan Kendall
    Boffin

    Modify about:config

    or you can modify the about:config to make the newtab a homepage or blank.

    1. Simon Harris

      Re: Modify about:config

      I did like Firefox's 'Here be dragons!' warning, and the 'I'll be careful, I promise' button to continue :)

      For those lost in the giant list of properties, it's

      browser.newtab.url to set the homepage on a new tab instead of speed-dial.

      or

      browser.newtabpage.enabled - set to false to blank the speed-dial tab page.

      1. marioaieie

        Re: Modify about:config

        Or just click on the tiny button on the right-upper corner

      2. Anonymous Coward
        Anonymous Coward

        Re: Modify about:config

        "browser.newtab.url to set the homepage on a new tab instead of speed-dial.

        or

        browser.newtabpage.enabled - set to false to blank the speed-dial tab page."

        I believe it's A *and* B, rather than "or". The reason being that if you only use browser.newtab.url, then the thumbnails are still being generated and saved to persistent storage, even if they are not actually displayed in the new tab thingy. Only the second option actually stops the thumbnails from being generated.

        I read this in some forum a while ago, sorry, I no longer have the reference handy.

  2. BillD
    FAIL

    Chrome shows https snapshots on New Tab

    Just checked: Chrome shows snapshots of https sites on New Tab - Most visited.

    Not good...

  3. Aaron Em

    What I wonder

    How in the hell did it unfailingly spot my banking website as one to put on the "speed dial"? I mean, it's one thing if that's the last place I've been, but if it's been three weeks since I last visited there, what the hell is my (formerly) recent activity still showing up there for?

  4. Anonymous Coward
    Anonymous Coward

    But..

    ..Opera has.. etc. etc. etc.

  5. Roger B

    Slightly off topic, but...

    Is it just me or does the latest versions theme/personna/style thing look "flat" like the Office demo that was shown the other day, all the 3D style raised buttons and shadow seem to of been taken away. Is this so it will run better on lower spec'd machines?

    1. Anonymous Coward
      Coat

      Re: Slightly off topic, but...

      Probably... I'd say Microsoft made the buttons 2D because they wanted this latest version of Office to be used on a flat Surface.

  6. Don Jefe
    FAIL

    Ugh

    Firefox has been sucking for a while anyway. Clicking refresh to get to what I want to see, even on fairly competent sites, is not what I want from my browser. It's better to use IE and just keep important data off your computer than to have to deal with the updates, restarts and incompatible add-ons all the time. Iterations... I'd like to iterate right in their eyes.

    Check out the stats if you doubt. IE has overcome its previous security issues and still provides enhanced functional with hundreds of thousands of websites that don't want to deal with coding for 'the other browsers'. From a business prospective it's better just to go with IE and make your environment cohesive and common. From a more geeky point IE v9x is consuming less than half of system resources compared FF v13. Why would I even add that kind of stress to my dept? Yes your computer is going slower and your security may have been compromised with the last update but use it anyway?

    1. Anonymous Coward
      Anonymous Coward

      Re: Ugh

      While your suggestions are not applicable in my case, as both my personal and work computing environments are totally Linux-based, I am afraid that you might be correct in your analysis. Mozilla have lost all sense of direction and purpose for a while already, and Firefox in particular is becoming more annoying by the day. They may have "jumped the shark", as the septics say.

    2. Fibbles
      Trollface

      Re: Ugh

      I can't find this 'Internet Explorer' you speak of anywhere in the Canonical repositories. Do you have a link to the source?

  7. Anonymous Coward
    Anonymous Coward

    Caching in general

    I don't get the need for this any more. Originally it was to save load times (when you had a 96k dial-up) and was useful. Most content these days is dynamic and we have faster connections. I set my cache size to be zero.

    Don't expect agreement, it's just my opinion.

    Off topic (ish) I know...

    1. Anonymous Coward
      Anonymous Coward

      Re: Caching in general

      I've never set it zero but always set it to a low value (typically ~20MB), that way hiting the "back" button can be speeded up, but limits the build up of dross and it also seems to make FF start up a little faster.

  8. Anonymous Coward
    Anonymous Coward

    Facebook screws something up: RAGE

    Google screws something up: RAGE

    Microsoft screws something up: RAGE

    Apple screws something up: RAGE

    Mozilla screws something up: Suggestions on how to work around to problem.

    Where's all the rage? Or is FF leaking sensitive information not a problem?

    1. Anonymous Coward
      FAIL

      There's a reason for that

      Facebook, Google, Microsoft, Apple: Privacy-invading, commercial scumbags.

      Mozilla: Trying to do the decent thing.

      1. Anonymous Coward
        Anonymous Coward

        Re: There's a reason for that

        Facebook would argue they are trying to improve the user experience every time they screw up and people still call them out for failing to protect privacy.

        I don't really care what Mozilla's intentions were, the fact is that they failed, this time, on a fairly obvious privacy issue. I'd question why anything received over HTTPS hits the cache in the first place, but that's a different argument. The point here is that they took sensitive data from a secure session and made a thumbnail of it and that is a massive fail. Had MS/Google done this with IE/Chrome, this thread would be glowing from the amount of criticism being posted, and rightly so.

  9. Anonymous Coward
    Anonymous Coward

    That lasted about 5 minutes

    When I first updated to the Beta and saw the new tab thing I didn't even think about the security issue. I use the history and keywords on bookmarks to get to my frequently-visited sites so I just thought it was a complete waste of resources and immediately searched for a way to turn it off.

    It reminded me Internet Explorer where you either had to launch from a program icon or had to use JavaScript to open a blank window because some twat decided that if you're browsing and open another window you obviously want to go to the same site.

    Hooray for about:config.

  10. djnapkin
    Holmes

    Tried to use Chrome, but ...

    I use the New Tab Homepage add-on for Firefox to show my home page on open of a new tab. My home page is a local file with my favourite links etc.

    Tried to emulate this with Chrome, no joy.

    With Firefox it takes almost no time to get to a specific site. Chrome is supposed to be fast but the lack of this ability kills it for me. And don't get me started about the lack of decent add-ons.

    1. Anonymous Coward
      Anonymous Coward

      Re: Tried to use Chrome, but ...

      Also, Chrome will never be secure because Google are one of the bad guys.

  11. Anonymous Coward
    Anonymous Coward

    What's this?

    Can't find a 'speed dial' new tab anywhere in my Firefox... Wanted to check it out...

    Consult Mozilla docs - a message is displayed "this does not relate to your version of Firefox"

    Go to latest download page - latest version 14.0.1

    Help>About Firefox - my version 14.0.1

    What's going on here?

  12. Old Handle

    Bass Ackwardss

    While the fixed sounds good on the surface, to me it sounds like something very wrong is happening. It sounds like they're designing the browser behave differently for specific sites. How does Firefox know what a "sensitive" site looks like anyway? The "automatically encrypts google" thing sounds similar (unless they're just talking about when you search from the toolbar).

This topic is closed for new posts.