1. #1
    Moderator, News & Information
    BSOD Kernel Dump Analyst
    Contributor
    JMH's Avatar
    Join Date
    Apr 2012
    Posts
    7,194

    Firefox 'new tab' feature exposes users' secured info: Fix promised


    Privacy-conscious users have sounded the alarm after it emerged the "New Tab" thumbnail feature in Firefox 13 is "taking snapshots of the user's HTTPS session content".

    Reg
    reader Chris discovered the feature after opening a new tab only to be "greeted by my earlier online banking and webmail sessions complete with account numbers, balances, subject lines etc.

    "This content is behind a secure login for a reason," Chris added.

    In response to queries on the matter prompted by Chris's experience, Mozilla acknowledged that the behaviour was undesirable and promised a patch. In the meantime, the browser and email client firm points privacy-conscious users towards various workarounds, as a statement (below) explains.

    http://www.theregister.co.uk/2012/06...rity_concerns/
    zigzag3143 says thanks for this.


    MVP 2013 - 2016

    Microsoft Community Contributor
    Windows Insider MVP July 2016 to end June 2017
    Dyami & Wankiya
    Team Zigzag




    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,835

    Re: Firefox 'new tab' feature exposes users' secured info: Fix promised

    zigzag3143 says thanks for this.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3
    zigzag3143's Avatar
    Join Date
    Mar 2012
    Posts
    3,741
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        DV7
      • Cooling:
        Coolermaster U3 best in class
      • Operating System:
        Win 8 RTM

    Re: Firefox 'new tab' feature exposes users' secured info: Fix promised

    Liked there and here thanks

    MS-MVP Windows IT-PRO 2010-2017
    MCC-2013-2017
    Wankiya & Dyami
    Team ZigZag





  4. #4
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,835

    Re: Firefox 'new tab' feature exposes users' secured info: Fix promised

    Thank you. :)


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  5. #5
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    16,314
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Firefox 'new tab' feature exposes users' secured info: Fix promised

    Wouldn't using IE fix this?

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015
    Windows Insider MVP 2018 - Present

  6. #6
    Moderator, News & Information
    BSOD Kernel Dump Analyst
    Contributor
    JMH's Avatar
    Join Date
    Apr 2012
    Posts
    7,194

    Re: Firefox 'new tab' feature exposes users' secured info: Fix promised

    I DO like that question indeed...


    MVP 2013 - 2016

    Microsoft Community Contributor
    Windows Insider MVP July 2016 to end June 2017
    Dyami & Wankiya
    Team Zigzag



  7. #7
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,835

    Re: Firefox 'new tab' feature exposes users' secured info: Fix promised

    Yes, using IE, most especially, IE9 would avoid that issue. However, IE does not have the highly useful add-ons that Firefox has available.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  8. #8
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    16,314
    • specs System Specs
      • Manufacturer:
        HP
      • Model Number:
        HP ENVY TouchSmart 17-j130us Notebook - E8A04UA
      • Motherboard:
        HP Insyde 720265-501 6050A2549501-MB-A02
      • CPU:
        Intel Core i7-4700MQ Processor with Turbo Boost up to 3.4GHz.
      • Memory:
        12GB DDR3L SDRAM (2 DIMM)
      • Graphics:
        Intel HD graphics 4600 with up to 1792MB total graphics memory
      • Sound Card:
        Beats Audio quad speakers and two subwoofers
      • Hard Drives:
        1TB 5400RPM hard drive with HP ProtectSmart Hard Drive Protection
      • Disk Drives:
        Hitachi 500 GB SSD; 7 TB USB External
      • Power Supply:
        90w
      • Case:
        Laptop
      • Display:
        17.3-inch diagonal HD+ BrightView LED-backlit touchscreen display (1600 x 900)
      • Operating System:
        Windows 8.1

    Re: Firefox 'new tab' feature exposes users' secured info: Fix promised

    Maybe the day will come.... but I'll stick with IE x64 for now!

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015
    Windows Insider MVP 2018 - Present

  9. #9
    Moderator, News & Information
    BSOD Kernel Dump Analyst
    Contributor
    JMH's Avatar
    Join Date
    Apr 2012
    Posts
    7,194

    Re: Firefox 'new tab' feature exposes users' secured info: Fix promised

    Firefox 'new tab' feature exposes secured information


    When Firefox 13 was released to the public earlier this month, it came with an updated 'New Tab' page that seems to take inspiration from Chrome and Opera by providing thumbnails of the sites you have previously viewed. There is also a 'Tabs on demand' which aims to speed up your browsing experience.
    Obviously for all its testing and quality control, at least one unintentional feature slipped through, in that secured content is easily accessible to anyone that is using the browser through the 'new tabs' page. Firefox 13 takes a snapshot of recently visited sites and this includes sites that were accessed over HTTPS used for secure communication to websites such as online banking.
    http://www.neowin.net/news/firefox-n...Neowin+News%29


    MVP 2013 - 2016

    Microsoft Community Contributor
    Windows Insider MVP July 2016 to end June 2017
    Dyami & Wankiya
    Team Zigzag



  10. #10
    Moderator, News & Information
    BSOD Kernel Dump Analyst
    Contributor
    JMH's Avatar
    Join Date
    Apr 2012
    Posts
    7,194

    Re: Firefox 'new tab' feature exposes users' secured info: Fix promised

    Stop Firefox 13 Speed Dial Thumbnails From Showing Secure Content [Tip]


    Firefox 13 was released earlier this month, and among the top six features, the new tab page was one. Not only was this new feature well received by Firefox users, it was also one of the major interface changes the browser has implemented since going on a rapid release cycle. Unfortunately, itís hit a bug all too soon. The speed dial feature that so many users were glad to have incorporated by default in the browser takes snapshots of websites, regardless of whether they are viewed over an HTTP or HTTPS protocol. This puts secure HTTPS content captured on several websites in plain view. Why is this dangerous? Sites that mandate an HTTPS protocol are usually ones where sensitive information, like banking details, credit card numbers etc, are exchanged, and that isnít information you want out in the open. The issue was first discovered by The Register, and Mozilla have acknowledged this breach. An update has been promised, but in the mean time, here is how you can disable the new tab page, which is the only way of staying safe.
    http://www.addictivetips.com/web/sto...dictiveTips%29


    MVP 2013 - 2016

    Microsoft Community Contributor
    Windows Insider MVP July 2016 to end June 2017
    Dyami & Wankiya
    Team Zigzag



  11. #11
    Moderator, News & Information
    BSOD Kernel Dump Analyst
    Contributor
    JMH's Avatar
    Join Date
    Apr 2012
    Posts
    7,194

    Firefox Security Bug Not a Bug at All


    A "bug" in the latest version of Firefox that exposes secure information in the browser's New Tab window may not be a flaw at all, according to one security researcher.

    The New Tab feature in Firefox 13 displays thumbnails of previously visited web pages whenever a new tab is opened in the browser. Those thumbnails include information from secure, or HTTPS, websites, too.

    One Firefox user reported that he discovered information in the thumbnails from previous online banking and webmail sessions that included account numbers, balances, and subject lines, according a report in The Register. That means anyone opening up the browser in your computer could have easy access to some of your most sensitive information. It also creates a rich target for cyber criminals trying to snatch info from your computer remotely.

    http://www.pcworld.com/article/25859...ll.html#tk.rss


    MVP 2013 - 2016

    Microsoft Community Contributor
    Windows Insider MVP July 2016 to end June 2017
    Dyami & Wankiya
    Team Zigzag



Similar Threads

  1. Facebook bug exposed contact info of 6M users
    By JMH in forum Social Media News
    Replies: 1
    Last Post: 06-22-2013, 09:47 PM
  2. Replies: 0
    Last Post: 07-19-2012, 04:25 PM
  3. Firefox 'new tab' feature exposes users' secured info
    By zigzag3143 in forum Security News
    Replies: 0
    Last Post: 06-22-2012, 07:45 PM
  4. An update on the Australis tab shape for Firefox
    By JMH in forum News You Can Use
    Replies: 0
    Last Post: 06-18-2012, 04:46 PM
  5. Replies: 0
    Last Post: 06-11-2012, 11:07 PM

Log in

Log in