Firefox 13 was released earlier this month, and among the top six features, the new tab page was one. Not only was this new feature well received by Firefox users, it was also one of the major interface changes the browser has implemented since going on a rapid release cycle. Unfortunately, it’s hit a bug all too soon. The speed dial feature that so many users were glad to have incorporated by default in the browser takes snapshots of websites, regardless of whether they are viewed over an HTTP or HTTPS protocol. This puts secure HTTPS content captured on several websites in plain view. Why is this dangerous? Sites that mandate an HTTPS protocol are usually ones where sensitive information, like banking details, credit card numbers etc, are exchanged, and that isn’t information you want out in the open. The issue was first discovered by The Register, and Mozilla have acknowledged this breach. An update has been promised, but in the mean time, here is how you can disable the new tab page, which is the only way of staying safe.
Open Firefox and type about:config in the URL bar, promise Mozilla that you’ll be careful on the warning page that opens, and proceed to Firefox’s preferences. Using the search bar, find browser.newtabpage.enabled. The value of this preference will be set to True, double click it to change it to False. This will disable the New Tab page completely, and snapshots of sites you’ve frequently visited will no longer be saved.
At present, this is the only sure way of protecting your data. There has been some speculation on Mozilla blogs that the snapshot is too small to see anything meaningful, and shouldn’t necessarily be a concern, but since the information is so sensitive, you may want to avoid the risk. It isn’t likely that anyone will use the screenshot and enhance it CSI style, but there might be more to the information being saved, and if you share a computer, the risk is higher.
For now, to make up for the missing functionality, you can continue using one of the many add-ons that give you the Speed Dial feature. There are a ton of them out there, like Super Smart, which you can use while you wait for the update from Mozilla.
Call it bad luck or just something that passed under the radar when Firefox 13 was in Beta, but this is the second major glitch that Mozilla have encountered with the rapid release cycle. The last time a glitch called for an immediate patch, was when Firefox 7 seemingly ate the installed add-ons.
[via The Register]