Firefox 'new tab' feature exposes secured information

When Firefox 13 was released to the public earlier this month, it came with an updated 'New Tab' page that seems to take inspiration from Chrome and Opera by providing thumbnails of the sites you have previously viewed. There is also a 'Tabs on demand' which aims to speed up your browsing experience.

Obviously for all its testing and quality control, at least one unintentional feature slipped through, in that secured content is easily accessible to anyone that is using the browser through the 'new tabs' page. Firefox 13 takes a snapshot of recently visited sites and this includes sites that were accessed over HTTPS used for secure communication to websites such as online banking.

In a report over at The Register Reg reader Chris discovered the feature after opening a new tab only to be "greeted by my earlier online banking and webmail sessions complete with account numbers, balances, subject lines etc."

"This content is behind a secure login for a reason," Chris added.

Mozilla responded to The Register acknowledging the problem and has promised a patch after releasing a statement that can be read below:

We are aware of the concern and have a fix that will be released in a future version of Firefox. Mozilla remains resolute in its commitment to privacy and user control. The new tab thumbnail feature within Firefox does not transmit nor store personal information outside the user's direct control.

The new tab thumbnails are based on users' browsing history. All information is contained within the browser and can be deleted at any time. Users can also switch back to using blank new tab screens by clicking the square icon in the top right corner of the browser. That will change the default preference to show a blank page, rather than the most visited websites when a new tab is opened.

Users who share their computer or use Firefox on a public computer should follow best practices for protecting their privacy by utilizing the built-in privacy tools in in Firefox, such as Private Browsing Mode.

The latest version of Firefox includes two new notable updates to the Home and new Tab pages and was released on June 5th. If you haven't already updated, you might want to wait for a patch, or take the advice from Mozilla stated above.

Update: If you wish to disable the New Tab Page completely, visit about:config, type in browser.newtab.url, and then set the value to about:blank (or about:home, if you prefer).


Like so...

Source: The Register

For our community discussion on Firefox bugs, releases, beta and nightly builds go here.

Previous Story
Neowin Member Reviews: Cellular Line Anti-Slip Grip pad
Next Story
Weekend Poll: Surface, Windows Phone 8 or Windows 8?