Security concerns over Firefox's "new tab" thumbnail feature
One of the new features in the recent Firefox 13 release is raising security concerns from privacy-conscious users: when users open a new tab in version 13 of the open source web browser, they are presented a grid of the nine most visited pages, each with its own screenshot thumbnail. These thumbnails could be displaying private information though.
The new feature is intended it to make it easier for users to quickly identify frequently visited pages that they may wish to revisit. However, it does not differentiate between secure and unsecured sites. Pages secured using HTTPS connections such as those for email and online banking also have screenshots taken of them and can be displayed on the new tab page; these could potentially include confidential data. Although a similar feature exists in Google's Chrome browser, the thumbnails are not as large or as clear in that browser as they are in Firefox.
In a statement, Mozilla told The Register that it is aware of the problem and says that it will be fixed in "a future version of Firefox". The non-profit organisation goes on to note that "The new tab thumbnail feature within Firefox does not transmit nor store personal information outside the user's direct control," adding that, "All information is contained within the browser and can be deleted at any time."
While the new behaviour can be toggled by clicking a grid icon in the upper right hand corner of the page, users can completely disable the new tab page feature in Firefox by changing some advanced preferences under "about:config". Here the
services.sync.prefs.sync.browser.newtabpage.enabled settings should be changed to "false", and the
browser.newtab.url setting should be modified to say
about:blank instead of
about:newtab. Doing so will cause the new tab page to display a blank page instead; once Mozilla releases an update for Firefox, users may need to re-enable these settings to return the new tab functionality to its defaults.
- Firefox 13 tripped up by Flash patch, a report from The H.