In association with heise online

25 June 2012, 17:11

Security concerns over Firefox's "new tab" thumbnail feature

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom On the New Tab page, Firefox 13 displays thumbnail screenshots of the nine most visited pages
One of the new features in the recent Firefox 13 release is raising security concerns from privacy-conscious users: when users open a new tab in version 13 of the open source web browser, they are presented a grid of the nine most visited pages, each with its own screenshot thumbnail. These thumbnails could be displaying private information though.

The new feature is intended it to make it easier for users to quickly identify frequently visited pages that they may wish to revisit. However, it does not differentiate between secure and unsecured sites. Pages secured using HTTPS connections such as those for email and online banking also have screenshots taken of them and can be displayed on the new tab page; these could potentially include confidential data. Although a similar feature exists in Google's Chrome browser, the thumbnails are not as large or as clear in that browser as they are in Firefox.

In a statement, Mozilla told The Register that it is aware of the problem and says that it will be fixed in "a future version of Firefox". The non-profit organisation goes on to note that "The new tab thumbnail feature within Firefox does not transmit nor store personal information outside the user's direct control," adding that, "All information is contained within the browser and can be deleted at any time."

Zoom Users can disable the new tab feature by changing these advanced preferences
While the new behaviour can be toggled by clicking a grid icon in the upper right hand corner of the page, users can completely disable the new tab page feature in Firefox by changing some advanced preferences under "about:config". Here the browser.newtabpage.enabled and services.sync.prefs.sync.browser.newtabpage.enabled settings should be changed to "false", and the browser.newtab.url setting should be modified to say about:blank instead of about:newtab. Doing so will cause the new tab page to display a blank page instead; once Mozilla releases an update for Firefox, users may need to re-enable these settings to return the new tab functionality to its defaults.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit