New Tab preview window showing sensitive ecrypted information!
A recent update to my mozilla firefox for desktop has raised an interesting issue. The new Tab function shows sample windows of sites previously visited. I appreciate this function can be switched off, however I found preview images of my bank account complete with statement pages and other supposedly encrypted information. The fact this information has been saved on my browser would make a nonsense of my Bank's security?
Eminye Imininingwane Yohlelo
Ngaso sonke isikhathi lapho i-Firefox ivulwa
Lokhu kwaqala ngenkathi...
after last update
- I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Will be contacting my Bank's IT section for their comments.
To repeat what I have said above:
- This is not a Firefox only problem. Other browsers also cache site/images for faster reloading.
- You must complete all 5 steps that I outlined above. Simply entering PB, doing your banking, then turning off PB does not remove the item(s) from the cache. I have known about this for over 20 years. It occurred in Netscape Navigator, predecessor to Firefox, and it also occurs in IE. Other browsers do the same.
- If you read the links posted at the end of John99's last response, you will see that there is some misunderstanding and disagreement about the "no store" and "no-cache" headers. You do not need to understand everything in those discussions, just that it is a long-outstanding issue with no current resolution.
You can follow my suggestion(s) or not or the suggestions made by others in this thread or not, it is your decision. The suggestions that I made work for me and have worked well for many years.
Okulungisiwe ngu SafeBrowser
it appears this was in fact a regression and if I am reading it correctly has already been fixed in Firefox 15 (Aurora)with a possibility it will go into Firefox 14 (Beta) shortly. So if you want the fix now consider using the Aurora channel.
Bug 754608 - [New Tab Page] shows thumbnails from pages with "Cache-Control: no-store", and HTTPS pages when HTTPS disk caching is disabled
And although I did not find a security review, there is a Privacy review
- " Privacy/Reviews/New Tab " https://wiki.mozilla.org/Privacy/Reviews/New_Tab
Okulungisiwe ngu John99
I find it a little disconcerting that this issue is seen as a non problem for firefox devs so much so that all they can or will say is 'Well its the same on other browsers' or 'turn it off if you dont like it'
I am sorry but what kind of help is that, I now have a browser that when I go to a new tab there are the images of me logging into my bank, credit card company and any other secure website I use along with any information thats not starred out whether or not I have 'remember me' ticked (which I dont).
My god thanks for being so liberal with my information and not giving a rats arse about it looks like its new browser time for me, It seems to me you lot have grown just a little too big for your boots you have forgotten these are things you make for us to use and its voluntary not compulsory. So why do you insist on putting stupid things in it that make it less secure than it was and then simply tell us to turn it off as if we are simpletons for not realising how great it is.
Thanks for nothing.
You can create a new Boolean pref with the name browser.pagethumbnails.capturing_disabled and set the value to true to disable the thumbnails.
You will have to clear the cache to remove already stored images.