dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
10274

FF4m3
@bhn.net

FF4m3

Anon

Firefox 'New Tab' Feature Exposes Users' Secured Info

Firefox 'new tab' feature exposes users' secured info: Fix promised:

Privacy-conscious users have sounded the alarm after it emerged the "New Tab" thumbnail feature in Firefox 13 is "taking snapshots of the user's HTTPS session content".

Mozilla acknowledged that the behaviour was undesirable and promised a patch. In the meantime, the browser and email client firm points privacy-conscious users towards various workarounds, as a statement (below) explains.

We are aware of the concern and have a fix that will be released in a future version of Firefox. Mozilla remains resolute in its commitment to privacy and user control. The new tab thumbnail feature within Firefox does not transmit nor store personal information outside the user's direct control.

The new tab thumbnails are based on users' browsing history. All information is contained within the browser and can be deleted at any time. Users can also switch back to using blank new tab screens by clicking the square icon in the top right corner of the browser. That will change the default preference to show a blank page, rather than the most visited websites when a new tab is opened.

Users who share their computer or use Firefox on a public computer should follow best practices for protecting their privacy by utilizing the built-in privacy tools in in Firefox, such as Private Browsing Mode.
Firefox 13 was released on 5 June, adding new features including updated new tab and home tab pages. The updated new tab page feature is broadly akin to the Speed Dial feature already present in other browsers and displays cached copies of a user's most visited websites.

Users can disable the 'New Tab' feature by making the above shown changes in about:config.
art22gg
Premium Member
join:2005-02-16
Courtenay, BC

art22gg

Premium Member

Wow...Thanks for that...Made the changes...
I also think this should be posted in the Mozilla forums in case someone misses it here!!
Will reference it...

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

DownTheShore to FF4m3

Premium Member

to FF4m3
Doesn't look like the Pale Moon iteration of FF has this feature to begin with.

therube
join:2004-11-11
Randallstown, MD

therube to FF4m3

Member

to FF4m3
Click for full size
At what point does it capture the thumbs?
Might it have captured my BoA login screen with my account number filed in?

To me, it's like, do I care? (Not.)

(Would you rather it be logging https: or my porn sites .)

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD

Premium Member

chrome and browser in android have a problem with incognito mode.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

1 recommendation

sivran to FF4m3

Premium Member

to FF4m3
Title's somewhat confusing, I came in here wondering how the heck could opening a new tab expose info, only to find out it's about Firefox's half-assed Speed Dial.

Silly Firefox not stopping to think, "maybe we shouldn't add https sites to this."

planet
join:2001-11-05
Oz

planet

Member

Doesn't seem to be present in Fx ESR 10.0.5 either.

rcdailey
Dragoonfly
Premium Member
join:2005-03-29
Rialto, CA

rcdailey to FF4m3

Premium Member

to FF4m3
I clicked on the square in the upper right corner of the screen and got the blank new tab screen back. I then looked at about:config and I saw that the new tab option (browser.newtabpage.enabled) is user set to false now. That appears to take care of the issue as described. I left it as user set and closed about:config.
HarryH3
Premium Member
join:2005-02-21

HarryH3 to FF4m3

Premium Member

to FF4m3
Thanks for the update! I don't use that "feature" anyway so it's now disabled.

goalieskates
Premium Member
join:2004-09-12
land of big

goalieskates to FF4m3

Premium Member

to FF4m3
duplicate post, sorry
goalieskates

2 recommendations

goalieskates to FF4m3

Premium Member

to FF4m3
quote:
We are aware of the concern and have a fix that will be released in a future version of Firefox.
I'm sure it wasn't deliberate, but this is a good example of why they need to slow down their release schedule a little. You can't just say "oops" and count on the user base all getting the word they need to change a setting.

After all, with silent updates Mozilla took responsibility for security, and they pushed the hell out of FF13 with dire warnings about same.

therube
join:2004-11-11
Randallstown, MD

therube to planet

Member

to planet
> Doesn't seem to be present in Fx ESR 10.0.5 either.

It wouldn't be.
ESR is feature frozen, only receiving security fixes (generally).

FF4m3
@verizon.net

FF4m3 to planet

Anon

to planet
said by planet:

Doesn't seem to be present in Fx ESR 10.0.5 either.

the "New Tab" thumbnail feature in Firefox 13

Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to FF4m3

Premium Member

to FF4m3
Where did the ridiculous name "new tab thumbnail" come from? It is Fx's idea of Speed Dial (which I hate and turned off immediately in browsers that have it). All tabs already have thumbnail don't they in Fx? They do in SeaMonkey. (I use TBE 3 and related extensions on Fx so I have thumbnails via one of those extensions so I don't know what plain Fx has but I assume it has thumbnails already). This new feature should have a better name. Speed Dial has zero relationship to thumbnails on tabs.
19579823 (banned)
An Awesome Dude
join:2003-08-04

19579823 (banned) to art22gg

Member

to art22gg

 

Wow usually they arent that careless!!! (Thier spying cant be detected by end users)



Its good someone noticed this

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird

Premium Member

said by 19579823:

Wow usually they arent that careless!!! (Thier spying cant be detected by end users)...

So, if the code's open source and end users can't detect spying, on what factual basis do you know they do (spying on users, that is)?
19579823 (banned)
An Awesome Dude
join:2003-08-04

19579823 (banned)

Member

Well with all NEWER software you gotta assume some type of spying is going on.... (ESPECIALLY FROM MICROSOFT)

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird

Premium Member

said by 19579823:

Well with all NEWER software you gotta assume some type of spying is going on.... (ESPECIALLY FROM MICROSOFT)

But what is your factual basis for your assertion that some type of spying is going on in Firefox? (Particularly since this is not a Microsoft browser, and in fact is built with open-source code that anyone can inspect.)
LondonOntGuy
join:2004-05-12
London, ON

LondonOntGuy to FF4m3

Member

to FF4m3

Re: Firefox 'New Tab' Feature Exposes Users' Secured Info

So tell me, why do people continue to 'update' Firefox?
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

A lot of folks have Fx 10 Enterprise which is frozen except for security updates. It doesn't have new tab and won't have all the crap that is to soon be foisted on Fx users who are on the regular update channel.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to goalieskates

Premium Member

to goalieskates
said by goalieskates:

quote:
We are aware of the concern and have a fix that will be released in a future version of Firefox.
I'm sure it wasn't deliberate,

It wasn't an accident.
The developers thought it was a good feature.
19579823 (banned)
An Awesome Dude
join:2003-08-04

1 edit

1 recommendation

19579823 (banned) to LondonOntGuy

Member

to LondonOntGuy

 

quote:
So tell me, why do people continue to 'update' Firefox?
I dunno bud.... To me the FF 1.5 series is the best! (1.5.0.5 to be exact) looks and runs the best!

Anon users
@anonymouse.org

Anon users to Snowy

Anon

to Snowy

Re: Firefox 'New Tab' Feature Exposes Users' Secured Info

Oh, i see, Mozilla didn't fix 10.0.5esr for Flash 11.3 bug to push ya to v13... fine, my https is very safe with AES256, not RC4
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Snowy

Premium Member

to Snowy
said by Snowy:

said by goalieskates:

quote:
We are aware of the concern and have a fix that will be released in a future version of Firefox.
I'm sure it wasn't deliberate,

It wasn't an accident.
The developers thought it was a good feature.

No, they thought that since Chrome has the feature, and Opera then decided to add it, that Fx better have it also....heaven forbid that Fx actually be a unique browser rather than a "me too" one constantly imitating the rival it fears.

rcdailey
Dragoonfly
Premium Member
join:2005-03-29
Rialto, CA

1 recommendation

rcdailey

Premium Member

I am glad to see that it is easy to turn the new tab feature off, because it was somewhat annoying to have the screen open with all the "thumbnails." To find out that using the thumbnails, which I never did, to open a link would be a security issue, was more than annoying.
Bobby_Peru
Premium Member
join:2003-06-16

Bobby_Peru

Premium Member

said by rcdailey:

I am glad to see that it is easy to turn the new tab feature off, because it was somewhat annoying to have the screen open with all the "thumbnails." To find out that using the thumbnails, which I never did, to open a link would be a security issue, was more than annoying.

Luddite!

Grail Knight

Premium Member
join:2003-05-31
Valhalla

Grail Knight to Snowy

Premium Member

to Snowy
quote:
The developers thought it was a good feature.
Well it is a good feature IMO abet not planned out with an eye on security yet as it is easily disabled the issue is fixing it and letting users now about the potential security issue.

Davesnothere
Change is NOT Necessarily Progress
Premium Member
join:2009-06-15
Canada

Davesnothere to Mele20

Premium Member

to Mele20
said by Mele20:

....heaven forbid that Fx actually be a unique browser rather than a "me too" one constantly imitating the rival it fears.

 
Very True.

More recently along the way, Fx has changed many functionalities/layouts/appearances to be more like the newer IE, enough so that MY goat has been gotten.

I feel that one of the larger OLD reasons for many of us switching to earlier Fx from IE (other than security) was that M$ had made such drastic changes in IE7 (& Vista) that Fx became a way to have a newer browser which looked more like IE6, but with TABs, a reason quite valid at the time.

FF4m3
@bhn.net

FF4m3 to FF4m3

Anon

to FF4m3
Firefox’s New Tab Page Not Showing Websites or Thumbnails?:

There are two major issues with the new tab page that users may experience. They first may notice that no websites are added to the new tab page, regardless of what they do. The feature is linked to the browser’s history, and most users who do not see websites added to the new tab page have either turned the history feature off, have configured Firefox to delete the history when the browser closes, or are using a tool like CCleaner to remove the information from the browser regularly.

If you see no thumbnails at all, the reason is likely linked to the clearing of the Firefox cache. Firefox uses the cache for the thubmnails, and if you clear the cache from within Firefox, for instance on exit, or with the help of a disk cleaner, you end up without thumbnails on the page.

Firefox "New Tab" Feature Using Screen Shots of Browsing Sessions Including Banking Visits... by Sean Kalinich:

Firefox has caught up with Google’s Chrome browser when it comes to insecurity.

After forcing updates on unsuspecting users (we turn on the computer the other day to be told it was already updated) the newest version of Firefox apparently takes screen shots of your pages to put them into their Tab-Thumbnail view including sites that might be encrypted or secure connections (like your banking information). This is a pretty big privacy issue and one that has quite a few people upset.

Firefox has been made aware of the issue and are working on a fix, but do not have one just yet. When they announced the decrease in the amount of time between releases of Firefox builds we worried that this might be a side effect. After all with the smaller timeline more bugs are bound to get through QA. In fact we do not even get why FireFox and Google need this style of release schedule. More often than not a new update breaks plug-ins changes some security settings and in general screws things up.

If Firefox and Google really want to compete they need to slow down and get things right. After that Google needs to remove all of the tracking and other unneeded crap from Chrome (do you really need to change the registry entries for .html and .htm to force the use of the chrome extensions?).

I do not know about you, but I still think that taking a screen shot and storing it even if it is only contained in the browsing history is a problem. No Browser should be taking screen shots of what a user is doing; it really is as simple as that. We tend to be on the extremely paranoid side these days and wipe all data when the browser closes just to be sure…


whizkid3
MVM
join:2002-02-21
Queens, NY

whizkid3 to FF4m3

MVM

to FF4m3
said by FF4m3 :

Users can disable the 'New Tab' feature by making the above shown changes in about:config.

Thanks. Can someone explain how to get to about:config ?
(Some of us are not as savvy.)