Firefox Security Bug Not a Bug at All - blackmonpossell

A "bug" in the a la mode version of Firefox that exposes unattackable information in the browser's New Tab window may not be a defect at all, according to one security researcher.

The Hot Tab feature in Firefox 13 displays thumbnails of previously visited World Wide Web pages whenever a new tab is opened in the browser. Those thumbnails include information from sheltered, operating room HTTPS, websites, too.

Single Firefox user according that he discovered information in the thumbnails from previous online banking and webmail sessions that included account numbers, balances, and subject field lines, according a report in The Register. That means anyone maiden rising the browser in your computer could have easy access code to some of your to the highest degree sensitive info. It also creates a abundant target for cyber criminals hard to snatch info from your computer remotely.

Mozilla has pledged to localisation the problem.

The New Tab bug, though, may not be a bug at entirely, contends Sophos security department researcher St. Paul Ducklin. Atomic number 2 pointed out in a blog Fri that data from plug websites has been habitually stored in the chronicle lay away of Firefox for some time. That's because communicating from a web browser to a secure website is encrypted in transportation system merely not at either end of the communication. So if someone intercepts the information in transit, IT will look ilk scraps to them. If they grab it from the stash, though, it won't.

While acknowledging that the New Tab flaw is a security problem that should be fixed, the root of the problem is verisimilar to remain, helium argues. For example, anyone that has access to a electronic computer running Firefox, or for that matter Chrome, can survey everything in the cache opening it up by typing "about:cache" or "chrome://stash/."

"So the newfound data leakage imputable the thumbnails is a flake of a red herring," Ducklin writes. "The information from which Firefox 13 builds its thumbnails has been there all on in previous Firefox versions."

Several workarounds cover the New Tab key job, but they break dow to address the root problem, he maintains. They leave enshroud the New Tab thumbs, but they South Korean won't affect the entropy in the cache accustomed conception those thumbs.

A standard of security system can embody obtained by changing the privacy settings in Firefox so that the browser's chronicle is cleared each metre software is stoppered, Ducklin notes. He as wel recommends that every time you perform a chore in Firefox that involves personal identifying information, you clear the recent account in the software done its tool menu.

Follow freelance engineering science writer John P. Mello Jr. and Today@PCWorld connected Twitter.