X
Tap here to go to the mobile version of the site.

Support Forum

Why do the new Tiles show password-protected content?

Posted

I updated to the new 33.1 version of firefox with the enhancements to the tiles displayed on a blank tab. I do not know if this behavior started prior to this update, or with it; just that my attention was drawn to it during the 33.1 tour.

Issue: Some of the tiles are displaying screenshots of pages that are password-protected. These are for sites that I am currently NOT LOGGED IN TO. Therefore, my expectation is that no protected data should be visible. This is not what is happening. An FTP site clearly shows filenames and data; my dropbox account shows the various folders, etc. Again, these are accounts I am signed out of, so there is no way firefox should have cached images of them.

In my opinion this is a serious security bug that needs addressed. In the meantime, any way I can disable this behavior?

I updated to the new 33.1 version of firefox with the enhancements to the tiles displayed on a blank tab. I do not know if this behavior started prior to this update, or with it; just that my attention was drawn to it during the 33.1 tour. Issue: Some of the tiles are displaying screenshots of pages that are password-protected. These are for sites that I am currently NOT LOGGED IN TO. Therefore, my expectation is that no protected data should be visible. This is not what is happening. An FTP site clearly shows filenames and data; my dropbox account shows the various folders, etc. Again, these are accounts I am signed out of, so there is no way firefox should have cached images of them. In my opinion this is a serious security bug that needs addressed. In the meantime, any way I can disable this behavior?

Additional System Details

Installed Plug-ins

  • Shockwave Flash 15.0 r0
  • Next Generation Java Plug-in 10.71.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Google Update
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.9
  • 5.1.30514.0
  • Citrix Online App Detector Plugin
  • GEPlugin
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • NVIDIA 3D Vision Streaming plugin for Mozilla browsers
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.8.638
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers

Application

  • Firefox 33.1
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
  • Support URL: https://support.mozilla.org/1/firefox/33.1/WINNT/en-US/

Extensions

  • Adblock Plus 2.6.5 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Firebug 2.0.6 (firebug@software.joehewitt.com)
  • Integrated Authentication for Firefox 3.0.1 (extension@firefox-ntlmauth.googlecode.com)
  • OneLogin Firefox Extension 2.2.21 (extension@onelogin.com)
  • SSL Version Control 0.3 (jid1-ZM3BerwS6FsQAg@jetpack)
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • WebDAV Launcher 1.0.8 (webdavlauncher@benryan.com)
  • IDS_SS_NAME IDS_SS_VERSION ({D19CA586-DD6C-4a0a-96F8-14644F340D60}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: NVIDIA GeForce GT 640
  • adapterDescription2:
  • adapterDeviceID: 0x0fc1
  • adapterDeviceID2:
  • adapterDrivers: nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
  • adapterDrivers2:
  • adapterRAM: 2048
  • adapterRAM2:
  • adapterVendorID: 0x10de
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.2.9200.16571
  • driverDate: 1-18-2013
  • driverDate2:
  • driverVersion: 9.18.13.1106
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (NVIDIA GeForce GT 640 Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.cache.frecency_experiment: 3
  • browser.link.open_newwindow: 2
  • browser.places.smartBookmarksVersion: 7
  • browser.search.useDBForOrder: True
  • browser.sessionstore.upgradeBackup.latestBuildID: 20141106120505
  • browser.startup.homepage: about:home
  • browser.startup.homepage_override.buildID: 20141106120505
  • browser.startup.homepage_override.mstone: 33.1
  • browser.tabs.warnOnClose: False
  • dom.mozApps.used: True
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 33.1
  • font.internaluseonly.changed: False
  • gfx.direct3d.last_used_feature_level_idx: 0
  • gfx.direct3d.prefer_10_1: True
  • media.gmp-gmpopenh264.lastUpdate: 1413896162
  • media.gmp-gmpopenh264.version: 1.1
  • media.gmp-manager.lastCheck: 1415716444
  • network.automatic-ntlm-auth.trusted-uris: http://i3portal.inin.com
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1415716445
  • places.history.expiration.transient_current_max_pages: 104858
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • plugin.state.flash: 1
  • privacy.donottrackheader.enabled: True
  • privacy.sanitize.migrateFx3Prefs: True
  • security.tls.version.min: 1
  • security.warn_viewing_mixed: False
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1413998996

Misc

  • User JS: No
  • Accessibility: No
jscher2000
  • Top 10 Contributor
8792 solutions 71907 answers

Firefox captures thumbnails while you are viewing a site and caches those for later display on the new tab page. It is not doing a real-time login to your FTP site.

You can block sites from the new tab page if you do not want them there. When mousing over the tile, look for the "X" in the upper right corner.

To stop Firefox from capturing a thumbnail image of a site, currently, there is a preference you can add to completely stop Firefox from capturing thumbnails at all, but the bug filed to try to work out how to block sensitive sites selectively is still under discussion.

To use that global preference:

(1) Select and copy the following preference name: browser.pagethumbnails.capturing_disabled

(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(3) In the search box above the list, type or paste thumb and pause while the list is filtered. (This isn't strictly necessary, but makes it easier to see your change after you make it.)

(4) Right-click in the list area and choose New > Boolean. In the dialog asking for the preference name, paste the one you copied earlier and click OK. Given the choice between false and true, choose true to disable capturing of thumbnails and then click OK.

This is not retroactive, so Firefox still will have copies of your previously captured thumbnails. I'm sure there is a way to clear those, but I'd have to research it.


Regarding the bug report I mentioned: 755996 – [New Tab Page] shows sensitive information in the thumbnails. See also: Bugzilla Etiquette, Voting.

Firefox captures thumbnails while you are viewing a site and caches those for later display on the new tab page. It is not doing a real-time login to your FTP site. You can block sites from the new tab page if you do not want them there. When mousing over the tile, look for the "X" in the upper right corner. To stop Firefox from capturing a thumbnail image of a site, currently, there is a preference you can add to completely stop Firefox from capturing thumbnails at all, but the bug filed to try to work out how to block sensitive sites selectively is still under discussion. To use that global preference: (1) Select and copy the following preference name: '''browser.pagethumbnails.capturing_disabled''' (2) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful. (3) In the search box above the list, type or paste '''thumb''' and pause while the list is filtered. (This isn't strictly necessary, but makes it easier to see your change after you make it.) (4) Right-click in the list area and choose New > Boolean. In the dialog asking for the preference name, paste the one you copied earlier and click OK. Given the choice between false and true, choose true to disable capturing of thumbnails and then click OK. This is not retroactive, so Firefox still will have copies of your previously captured thumbnails. I'm sure there is a way to clear those, but I'd have to research it. ---- Regarding the bug report I mentioned: [https://bugzilla.mozilla.org/show_bug.cgi?id=755996 755996 – [New Tab Page] shows sensitive information in the thumbnails]. See also: [https://bugzilla.mozilla.org/page.cgi?id=etiquette.html Bugzilla Etiquette], [https://bugzilla.mozilla.org/page.cgi?id=voting.html Voting].