|
FF4m3
Anon
2012-Jun-22 9:49 am
Firefox 'New Tab' Feature Exposes Users' Secured Info Firefox 'new tab' feature exposes users' secured info: Fix promised: Privacy-conscious users have sounded the alarm after it emerged the "New Tab" thumbnail feature in Firefox 13 is "taking snapshots of the user's HTTPS session content".
Mozilla acknowledged that the behaviour was undesirable and promised a patch. In the meantime, the browser and email client firm points privacy-conscious users towards various workarounds, as a statement (below) explains. We are aware of the concern and have a fix that will be released in a future version of Firefox. Mozilla remains resolute in its commitment to privacy and user control. The new tab thumbnail feature within Firefox does not transmit nor store personal information outside the user's direct control.
The new tab thumbnails are based on users' browsing history. All information is contained within the browser and can be deleted at any time. Users can also switch back to using blank new tab screens by clicking the square icon in the top right corner of the browser. That will change the default preference to show a blank page, rather than the most visited websites when a new tab is opened.
Users who share their computer or use Firefox on a public computer should follow best practices for protecting their privacy by utilizing the built-in privacy tools in in Firefox, such as Private Browsing Mode. Firefox 13 was released on 5 June, adding new features including updated new tab and home tab pages. The updated new tab page feature is broadly akin to the Speed Dial feature already present in other browsers and displays cached copies of a user's most visited websites. Users can disable the 'New Tab' feature by making the above shown changes in about:config. |
|
art22gg Premium Member join:2005-02-16 Courtenay, BC |
art22gg
Premium Member
2012-Jun-22 12:31 pm
Wow...Thanks for that...Made the changes... I also think this should be posted in the Mozilla forums in case someone misses it here!! Will reference it... |
|
DownTheShorePray for Ukraine Premium Member join:2003-12-02 Beautiful NJ |
to FF4m3
Doesn't look like the Pale Moon iteration of FF has this feature to begin with. |
|
therube join:2004-11-11 Randallstown, MD |
to FF4m3
At what point does it capture the thumbs? Might it have captured my BoA login screen with my account number filed in? To me, it's like, do I care? (Not.) (Would you rather it be logging https: or my porn sites .) |
|
AVDRespice, Adspice, Prospice Premium Member join:2003-02-06 Onion, NJ |
AVD
Premium Member
2012-Jun-22 1:37 pm
chrome and browser in android have a problem with incognito mode. |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX
1 recommendation |
to FF4m3
Title's somewhat confusing, I came in here wondering how the heck could opening a new tab expose info, only to find out it's about Firefox's half-assed Speed Dial.
Silly Firefox not stopping to think, "maybe we shouldn't add https sites to this." |
|
|
|
planet
Member
2012-Jun-22 2:19 pm
Doesn't seem to be present in Fx ESR 10.0.5 either. |
|
rcdaileyDragoonfly Premium Member join:2005-03-29 Rialto, CA |
to FF4m3
I clicked on the square in the upper right corner of the screen and got the blank new tab screen back. I then looked at about:config and I saw that the new tab option (browser.newtabpage.enabled) is user set to false now. That appears to take care of the issue as described. I left it as user set and closed about:config. |
|
HarryH3 Premium Member join:2005-02-21 |
to FF4m3
Thanks for the update! I don't use that "feature" anyway so it's now disabled. |
|
|
to FF4m3
duplicate post, sorry |
|
goalieskates
2 recommendations |
to FF4m3
quote: We are aware of the concern and have a fix that will be released in a future version of Firefox.
I'm sure it wasn't deliberate, but this is a good example of why they need to slow down their release schedule a little. You can't just say "oops" and count on the user base all getting the word they need to change a setting. After all, with silent updates Mozilla took responsibility for security, and they pushed the hell out of FF13 with dire warnings about same. |
|
therube join:2004-11-11 Randallstown, MD |
to planet
> Doesn't seem to be present in Fx ESR 10.0.5 either.
It wouldn't be. ESR is feature frozen, only receiving security fixes (generally). |
|
|
FF4m3 to planet
Anon
2012-Jun-22 8:37 pm
to planet
said by planet:Doesn't seem to be present in Fx ESR 10.0.5 either. the "New Tab" thumbnail feature in Firefox 13 |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to FF4m3
Where did the ridiculous name "new tab thumbnail" come from? It is Fx's idea of Speed Dial (which I hate and turned off immediately in browsers that have it). All tabs already have thumbnail don't they in Fx? They do in SeaMonkey. (I use TBE 3 and related extensions on Fx so I have thumbnails via one of those extensions so I don't know what plain Fx has but I assume it has thumbnails already). This new feature should have a better name. Speed Dial has zero relationship to thumbnails on tabs. |
|
19579823 (banned)An Awesome Dude join:2003-08-04 |
to art22gg
Wow usually they arent that careless!!! (Thier spying cant be detected by end users) Its good someone noticed this |
|
BlackbirdBuilt for Speed Premium Member join:2005-01-14 Fort Wayne, IN |
Blackbird
Premium Member
2012-Jun-22 11:32 pm
said by 19579823:Wow usually they arent that careless!!! (Thier spying cant be detected by end users)... So, if the code's open source and end users can't detect spying, on what factual basis do you know they do (spying on users, that is)? |
|
19579823 (banned)An Awesome Dude join:2003-08-04 |
19579823 (banned)
Member
2012-Jun-22 11:38 pm
Well with all NEWER software you gotta assume some type of spying is going on.... (ESPECIALLY FROM MICROSOFT) |
|
BlackbirdBuilt for Speed Premium Member join:2005-01-14 Fort Wayne, IN |
Blackbird
Premium Member
2012-Jun-23 12:24 am
said by 19579823:Well with all NEWER software you gotta assume some type of spying is going on.... (ESPECIALLY FROM MICROSOFT) But what is your factual basis for your assertion that some type of spying is going on in Firefox? (Particularly since this is not a Microsoft browser, and in fact is built with open-source code that anyone can inspect.) |
|
|
to FF4m3
Re: Firefox 'New Tab' Feature Exposes Users' Secured InfoSo tell me, why do people continue to 'update' Firefox? |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
Mele20
Premium Member
2012-Jun-23 2:25 am
A lot of folks have Fx 10 Enterprise which is frozen except for security updates. It doesn't have new tab and won't have all the crap that is to soon be foisted on Fx users who are on the regular update channel. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
to goalieskates
said by goalieskates:quote: We are aware of the concern and have a fix that will be released in a future version of Firefox.
I'm sure it wasn't deliberate, It wasn't an accident. The developers thought it was a good feature. |
|
19579823 (banned)An Awesome Dude join:2003-08-04 1 edit
1 recommendation |
to LondonOntGuy
quote: So tell me, why do people continue to 'update' Firefox?
I dunno bud.... To me the FF 1.5 series is the best! (1.5.0.5 to be exact) looks and runs the best! |
|
|
Anon users to Snowy
Anon
2012-Jun-23 4:50 am
to Snowy
Re: Firefox 'New Tab' Feature Exposes Users' Secured InfoOh, i see, Mozilla didn't fix 10.0.5esr for Flash 11.3 bug to push ya to v13... fine, my https is very safe with AES256, not RC4 |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to Snowy
said by Snowy:said by goalieskates:quote: We are aware of the concern and have a fix that will be released in a future version of Firefox.
I'm sure it wasn't deliberate, It wasn't an accident. The developers thought it was a good feature. No, they thought that since Chrome has the feature, and Opera then decided to add it, that Fx better have it also....heaven forbid that Fx actually be a unique browser rather than a "me too" one constantly imitating the rival it fears. |
|
rcdaileyDragoonfly Premium Member join:2005-03-29 Rialto, CA
1 recommendation |
rcdailey
Premium Member
2012-Jun-23 7:46 am
I am glad to see that it is easy to turn the new tab feature off, because it was somewhat annoying to have the screen open with all the "thumbnails." To find out that using the thumbnails, which I never did, to open a link would be a security issue, was more than annoying. |
|
|
said by rcdailey:I am glad to see that it is easy to turn the new tab feature off, because it was somewhat annoying to have the screen open with all the "thumbnails." To find out that using the thumbnails, which I never did, to open a link would be a security issue, was more than annoying. Luddite! |
|
|
to Snowy
quote: The developers thought it was a good feature.
Well it is a good feature IMO abet not planned out with an eye on security yet as it is easily disabled the issue is fixing it and letting users now about the potential security issue. |
|
DavesnothereChange is NOT Necessarily Progress Premium Member join:2009-06-15 Canada |
to Mele20
said by Mele20:....heaven forbid that Fx actually be a unique browser rather than a "me too" one constantly imitating the rival it fears. Very True. More recently along the way, Fx has changed many functionalities/layouts/appearances to be more like the newer IE, enough so that MY goat has been gotten. I feel that one of the larger OLD reasons for many of us switching to earlier Fx from IE (other than security) was that M$ had made such drastic changes in IE7 (& Vista) that Fx became a way to have a newer browser which looked more like IE6, but with TABs, a reason quite valid at the time. |
|
|
FF4m3 to FF4m3
Anon
2012-Jun-23 12:11 pm
to FF4m3
Firefoxs New Tab Page Not Showing Websites or Thumbnails?: There are two major issues with the new tab page that users may experience. They first may notice that no websites are added to the new tab page, regardless of what they do. The feature is linked to the browsers history, and most users who do not see websites added to the new tab page have either turned the history feature off, have configured Firefox to delete the history when the browser closes, or are using a tool like CCleaner to remove the information from the browser regularly.
If you see no thumbnails at all, the reason is likely linked to the clearing of the Firefox cache. Firefox uses the cache for the thubmnails, and if you clear the cache from within Firefox, for instance on exit, or with the help of a disk cleaner, you end up without thumbnails on the page. Firefox "New Tab" Feature Using Screen Shots of Browsing Sessions Including Banking Visits... by Sean Kalinich: Firefox has caught up with Googles Chrome browser when it comes to insecurity.
After forcing updates on unsuspecting users (we turn on the computer the other day to be told it was already updated) the newest version of Firefox apparently takes screen shots of your pages to put them into their Tab-Thumbnail view including sites that might be encrypted or secure connections (like your banking information). This is a pretty big privacy issue and one that has quite a few people upset.
Firefox has been made aware of the issue and are working on a fix, but do not have one just yet. When they announced the decrease in the amount of time between releases of Firefox builds we worried that this might be a side effect. After all with the smaller timeline more bugs are bound to get through QA. In fact we do not even get why FireFox and Google need this style of release schedule. More often than not a new update breaks plug-ins changes some security settings and in general screws things up.
If Firefox and Google really want to compete they need to slow down and get things right. After that Google needs to remove all of the tracking and other unneeded crap from Chrome (do you really need to change the registry entries for .html and .htm to force the use of the chrome extensions?).
I do not know about you, but I still think that taking a screen shot and storing it even if it is only contained in the browsing history is a problem. No Browser should be taking screen shots of what a user is doing; it really is as simple as that. We tend to be on the extremely paranoid side these days and wipe all data when the browser closes just to be sure
|
|
|
to FF4m3
said by FF4m3 :Users can disable the 'New Tab' feature by making the above shown changes in about:config. Thanks. Can someone explain how to get to about:config ? (Some of us are not as savvy.) |
|