I see these, too, running Fx12 on Windows 7. They are described in the (extremely voluminous!) about:cache interface as page thumbnails. I've attached some screen shots.

The text is extremely difficult to see, so I don't know whether it is a serious privacy/security risk. I would be curious to know how long they linger.

I think these support the Windows feature of showing a preview of a window or tab when you float over a taskbar button. (No idea whether there is a similar preview feature on Mac.) This feature is not enabled by default; users need to enable it in about:config. However, add-ons may be able to use the thumbnails because they have privileged access to the cache.

(Note: This feature was added pursuant to 497543 – Provide a thumbnail service. It "landed" on or about Jan. 28, 2012, so its first appearance in a released version of Firefox might have been Fx12.)

The thumbnails may also be related to the about:newtab page that hasn't been enabled yet in Firefox 12, but will in Firefox 13.

Thanks for your responses.

In my about:cache, in the "Disk cache device" section clicking the link for "List Cache Entries" lists a lineitem for each cached file.

This page doesn't provide the path and filename for each lineitem listed (which would serve as a unique ID) so each lineitem can relate to each folder/subfolder/filename in my cache. (It looks like a "first grade attempt" to create a database for someone who didn't yet realize that page 1 of database creation requires that a unique ID be part of the table, so each lineitem can be linked to the items they refer to (in this case cache files)). {And to digress for a moment: Then again FF has the same issue at the user interface level, when I open the Library window and enter search terms to look for a bookmark. When I click a found bookmark it shows me the URL it refers to, and lots of other things, but fails to show me where, in my complex bookmark folder structure, this particular found bookmark is located. If I wanted to move it to a different location I can't find it. The workaround, as I recall, is that you must revisit the bookmark's webpage (worthless when working offline) (and it causes the Last Visited Date etc. to change, even if you didn't want that) then click the Star icon in the Location field (as if you're going to bookmark the same website twice) then click a button to expand that dialog and view the path to the folder where the bookmark lives. Then go back to the library and find it. A kluge implementation workaround, rather than simply showing the path in the Library window}.

The workaround to find the cache file related to a lineitem is to use Quick Look on the Mac to view each item in cache until I find the image file (in this case the image of the Firefox Plugin Check webpage) select the file and Get Info to get the actual size in bytes, then in FF, search for a related lineitem's byte size in the list (as this is the only, sometimes unique ID, sometimes not unique ID, that will let me relate each lineitem to a cached file).

Luckily my cache was cleared, earlier, so there is only one lineitem for each cache file's byte size: Key Data Size Fetch Count Last Modified Expires https://www.mozilla.org/en-US/plugincheck/ 26649 bytes 1 2012-04-30 14:33:35 No expiration time

https://www.mozilla.org/img/covehead/plugincheck/screenshot.jpg 36132 bytes 1 2012-04-30 14:33:29 2012-04-30 14:43:48

So to answer your question about whether these items ever expire: The top lineitem (an image of the page I visited to check that my plugins were up to date) never expires.

The second lineitem (a FF self generated image of a window showing what plugins I have installed) is set to expire 10 minutes after it was created. The file was created at 2:33 PM today, and it is now 3:20 PM and it still remains viewable in my cache. To test if Firefox is responsible for managing when to delete expired items I quit FF 12.0 and opened it again, yet the file still remains in my cache and Quick Look shows me an image of it. Just to make sure I then Quit, and opened FF 12.0 a second time, and the file still remains in my cache, and Quick Look shows me an image of it. So just because a property of a file shows it expired, there is no management routine that uses this to delete expired items. In FF for Mac at least, all cached items stay in cache until the cache is cleared, manually by clicking the button, or if you set FF to limit the cache size to a maximum amount. There is no checkbox for "Clear cache items that are older than x days from their Last Modified Date." nor "Clear expired items upon Firefox close." I assume that any plugins could therefore access these screenshot images.

Whether it is a security problem, i.e., could the image really display readable confidential information considering it's small 201 x 127 pixel dimensions? Yes. When user uses the FF magnify feature {on the Mac: Command + (to zoom in) and Command - (to zoom out)} (e.g., pressing Command + 5 times) then whenever the page reloads, standard size text at the top of the page is suddenly all easily readable when magnified. I tested it by magnifying and reading the text of my own question posted to this webpage.

This 201 x 127 screenshot thumbnail of this webpage, from my cache, is attached. On this webpage you will need to click the image to view it at full size to see that its text is readable. If you have a Mac you can zoom in further by pressing the Ctrl key using two fingers pushing forwards on your trackpad.

If, in FF Preferences, Contents tab, I clear the checkbox for "Allow pages to choose their own fonts, instead of my selections above", then I set my own fonts and sizes; then some webpages will accept and redraw with the new font and size, others will only accept the user defined font, but not user defined sizes. This could also lead to readable text in these thumbnail image screenshots as well.

Thanks for the link to the bugzilla page "Bug 497543 - Provide a thumbnail service".

It looks like the privacy/security discussion on implementing screenshots, quickly ended, once the programmers created some code. Now its part of a released version, presumably without any serious review of the implications. I guess we should all just cross our fingers on this "feature", until some jerk exploits it and Firefox programmers have to suddenly backtrack and change all sorts of code.

Thanks jscher2000 and cor-el for the help.

Article in PC World - Mozilla Claims to have this fixed!

But I know for sure that this may not be100%accurate, as my own browser Version (Nightly) still leaves the files intact and does not expire them. Will Be adding Bug details here After I figure out a solution. -TiT

Hi TerrificInTahoma, do you have the new thumbnails-in-profile-folder on Nightly or are they still in the cache?

Hi jscher2000:

I have the latest nightly build under win xp SP2 and win7 (Notebook).

In the XP box, the file folder is in the cache, but for some reason,I am having difficulty viewing it under a 'normal' user account.

It's there, because I can point the windows search compainion to the profile directory, and click on search for [glob.png] file types. and it [companion] returns with a host of entries.

Temporarily, though I have enabiled the disable parameter from the bug fix, -AND- Flagged the "Cached Web Content" >Tools>Options>Advanced >>Network

to OVERIDE the default settings and ONLY Store 6 MB of Cached Content

That probably won't help. Firefox has coded a minimum of 50 MB for the cache.

We set a lower bound of 50MB and an upper bound of 1GB.

• http://mxr.mozilla.org/mozilla-central/source/netwerk/cache/nsCacheService.cpp#569

You can create a new Boolean pref browser.pagethumbnails.capturing_disabled on the about:config page and set the value to true if you want to disable the thumbnails altogether.

• http://kb.mozillazine.org/about:config

Thanks to Cor-el for the post about setting the "new Boolean pref browser.pagethumbnails.capturing_disabled on the about:config page" and setting it to true to disable thumbnails. It works (well, except that an image of your add-ons window is still captured).

I'd like to click "Solved It" for cor-el's post, but the only buttons listed are "Helpful" and "Not Helpful". Even searching the entire page for the word "solved" results in "Phrase not found".

Nevermind. Somehow the very first response got set as the solution (I don't recall clicking it, but maybe I did). I clicked Undo and then clicked "Solved It" next to Cor-el's post.

Thanks.

The boolean option only stops the action of saving the images on disk. You have to manually go to C:\<salt>.default\thumbnails\ and Delete the older files. (and possibly run a file security against the diskspace) to get the space back.

...but its a start.

Hi TerrificInTahoma, Under Mac OS X, Firefox (currently I'm running 14.0.1) doesn't save the thumnails to a separate folder, but it mixes them in with all other cache files in my: ~/Library/Caches/Firefox/Profiles/<salt>.profilename/Cache/ inside of which are folders 0 through 9 and A, B, C, D, E and F (I guess there's some hexadecimal routine that made them want to use 16 folders). It would be easier if they stored them all in a separate "thumbnails" folder. And, yes, since I became aware of the security problem I've been deleting my cache files manually in the Finder (equivalent to Explorer in Windows) using Secure Delete. Thanks.

The thumbnails folder will be used in Firefox 16+ to store the thumbnails.
Currently the browser cache is used.

• bug 726347 - [Page Thumbnails] add preference to disable capturing thumbnails in the background