Firefox 'New Tab' Feature Exposes Secured Information

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
Firefox 13 released earlier this month, came updated with a ‘New Tab’ page that brought with it new problems. The pages retain their information even when closed. Mozilla promises a fix for the glitch in the next release of Firefox.

The latest version of Firefox includes two new notable updates to the Home and new Tab pages and was released on June 5th. If you haven't already updated, you might want to wait for a patch.
Click to expand...
 
This is why I don't do any banking/CC stuff with Firefox. I remember them having this same issue years ago.

I'll stick with IE for important stuff.
 
plunger said:
This is why I don't do any banking/CC stuff with Firefox. I remember them having this same issue years ago.

I'll stick with IE for important stuff.
Click to expand...

Hahahahhahahahha. Can't tell if trolling or just stupid.

As every security conscious person will testify to, once you have physical access to a box, it is compromised. Don't even joke about using IE for anything sensitive. It has the track record of a repeat violent offender. Let's compare remote root exploits in browsers, IE vs anything else for example.

As for the privacy flaw here, it is only saving a thumbnail. No banking site I have ever used prints your account number in full or any credit card information besides the publicly allowed last 4 digits. Also why on earth are you banking at a public computer without private browsing? Anyone using at home or work are already protected behind their own login and secured root directory.

This supposed "flaw" is in the exact same boat as the "save my password" feature which no one bitches about and is supported in IE as well.

Please come back when you can back up your claims with logic.
 
Dumb but at least there are simple workarounds and such.
 
plunger said:
This is why I don't do any banking/CC stuff with Firefox. I remember them having this same issue years ago.

I'll stick with IE for important stuff.
Click to expand...

Yup, after lots of press that the alternate browser community willfully ignored, I've pretty much given up on getting any sort of security out of anything but IE. Sure, picking up IE is like selecting the best of the worst, but Chrome basically is malware thanks to Google designing it to be the perfect data collection tool and Firefox has issues across the board from memory management to gaping security holes.

I guess there's Opera, but that's about to become Facebook malware. :(
 
SkribbelKat said:
Yup, after lots of press that the alternate browser community willfully ignored, I've pretty much given up on getting any sort of security out of anything but IE. Sure, picking up IE is like selecting the best of the worst, but Chrome basically is malware thanks to Google designing it to be the perfect data collection tool and Firefox has issues across the board from memory management to gaping security holes.

I guess there's Opera, but that's about to become Facebook malware. :(
Click to expand...

What about Safari?
 
Firefox retaining information after pages close when making new tabs has been an issue since the 2.0 days. I could close every tab open and open one new tab before I closed the last one... that one new tab having no navigational history... and the memory consumption by Firefox would never go down. Even if you disabled memory cache.

For you guys complaining about Chrome being Google Malware... there's Chromium. Use the open source version instead.
 
+1 to Chromium and Opera.
Safari is a bit dated in my opinion, but it's still a step up from IE.

IE has a LOT of compatibility issues, and lulz at Firefox.
 
JosiahBradley said:
Hahahahhahahahha. Can't tell if trolling or just stupid.

Please come back when you can back up your claims with logic.
Click to expand...

passi.jpg

Firefox > Tools > Options > Security > Saved Passwords > Show Passwords

:eek:
 
plunger said:
passi.jpg

Firefox > Tools > Options > Security > Saved Passwords > Show Passwords

:eek:
Click to expand...

Fine I won't even try to argue you obviously are a security expert... Its your machine and you chose to not only save password but to then go through a dialog to show them and do this on, what? a shared account?

I'm sick of the internet, it's brimming to the top with retards... It's like a fucking religion, give any semblance of logic and valid reasoning and all you are presented with is this^

And these people make up the majority of people and get to breed, passing on their genes. Fuck it I'm out...

Internet Explorer password in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms.
Click to expand...

You can get them using a program like passview...
 
Yeah, I noticed that it did that one day when I opened a new tab and saw that it should a lot of my ummm history.... :eek:
lol
 
So, this is a physical location problem and not something that can be exploited over the net?

If anybody wants to disable this feature for now, go to about:config and look for browser.newtab.url and change it from about:newtab to about:blank.
 
If you are telling your browser to remember your bank/financial passwords, you deserve to have your cheddarz pilfered.
 
I have 3 passwords that I use in all my accounts.

1 is my high secure which i use for all financial accounts.
1 is high secure that i use for all other important accounts
1 is secure that i use on everything else.

Most days i still can't remember which one i used where, but the system still works.

Also a lot of this browser stuff is really a non-issue for private home computers. Unless you're a famous hollywood celebrity, and you let your douche boyfriend into your computer where for some reason you find it necessary to store nude pictures of yourself. OMG what a tragedy!
 
mastaBlasta said:
I have 3 passwords that I use in all my accounts.

1 is my high secure which i use for all financial accounts.
1 is high secure that i use for all other important accounts
1 is secure that i use on everything else.

Most days i still can't remember which one i used where, but the system still works.

Also a lot of this browser stuff is really a non-issue for private home computers. Unless you're a famous hollywood celebrity, and you let your douche boyfriend into your computer where for some reason you find it necessary to store nude pictures of yourself. OMG what a tragedy!
Click to expand...

I have a similar system, but I need to do a revamp. I also use Firefox exclusively but I will start using IE more. If I'm not mistaken every time there was a browser exploit contest, IE always won over the competition. So the fact that IE is the most unsecure browser is an old meme people still hang on to.
 
mastaBlasta said:
I have 3 passwords that I use in all my accounts.

1 is my high secure which i use for all financial accounts.
1 is high secure that i use for all other important accounts
1 is secure that i use on everything else.

Most days i still can't remember which one i used where, but the system still works.

Also a lot of this browser stuff is really a non-issue for private home computers. Unless you're a famous hollywood celebrity, and you let your douche boyfriend into your computer where for some reason you find it necessary to store nude pictures of yourself. OMG what a tragedy!
Click to expand...

That catch here is that if you can't remember which is which, you are passing out your "secure" password to less secure sites. Not that big a deal, unless the site is directly compramised and storing all password attempts.

Second, it is only a non-issue if you never use your computer for online banking. It is a partial issue if you ever use a credit card to buy something (a fairly large hassle to take care of, but your credit card is much more likely to be stolen from an ecommerce site or even the bank itself).

Finally, no matter how bad firefox is trusting Microsoft software on matters of security is always going to fail.
 
Wumpus said:
Finally, no matter how bad firefox is trusting Microsoft software on matters of security is always going to fail.
Click to expand...

I dunno, lots of Microsoft OS products have made EAL 4 which is pretty decent. Stuff like T-Sol is evaluated at EAL 4 as well.

http://en.wikipedia.org/wiki/Evaluation_Assurance_Level

Most high profile security breeches are done by insiders or the result of stupid implementation of available security mechanisms due to lazy or unqualified administrators. While nearly every piece of software can be exploited, I'd be more inclinded to invest trust in a product that puts a corporate reputation on the line than something that was cobbled together by a pack of amatures who are hacking code in their spare time. While there's certainly a place for FOSS in the world, relying on it to provide airtight security is asking for it.
 
SkribbelKat said:
I dunno, lots of Microsoft OS products have made EAL 4 which is pretty decent. Stuff like T-Sol is evaluated at EAL 4 as well.

http://en.wikipedia.org/wiki/Evaluation_Assurance_Level

Most high profile security breeches are done by insiders or the result of stupid implementation of available security mechanisms due to lazy or unqualified administrators. While nearly every piece of software can be exploited, I'd be more inclinded to invest trust in a product that puts a corporate reputation on the line than something that was cobbled together by a pack of amatures who are hacking code in their spare time. While there's certainly a place for FOSS in the world, relying on it to provide airtight security is asking for it.
Click to expand...

Wow man, good post. I was thinking the same thing just not as articulately stated as this. *thumbs up*
 
XamediX said:
Wow man, good post. I was thinking the same thing just not as articulately stated as this. *thumbs up*
Click to expand...

Aw gee thanks. I try not to post too many of those sorts of comments. :) They'll spoil my reputation as a village idiot.
 
You've always been able to see Username and password in FireFox.......Why are they finally findout out about this now?
 
techrat said:
For you guys complaining about Chrome being Google Malware... there's Chromium. Use the open source version instead.
Click to expand...

I forgot to say thanks yesterday for pointing that out. You're such a peach, techrat! I don't understand why refraxion doesn't like you.
 
Monkey God said:
If you are telling your browser to remember your bank/financial passwords, you deserve to have your cheddarz pilfered.
Click to expand...

This.
Not that hard to get the info off of, even if one isn't on that exact account.
Thank you, Firefox caching features. :eek:
 
Cali3350 said:
IE9 is where its at. IE haters are getting old.
Click to expand...

So is ignorance of web browsers.
Seriously though, IE9 is a big improvement over 8, but it still lacks in many ways.

IE9 is where it's at... to download a different web browser.
 
SkribbelKat said:
I forgot to say thanks yesterday for pointing that out. You're such a peach, techrat! I don't understand why refraxion doesn't like you.
Click to expand...

Cause apparently butthurt is a terminal condition with him. In one thread, I slammed him for being a hypocrite and that was almost 2 months ago. I've had him on ignore since. If he's still whining, that's his problem.

In any case, feel comfortable using Chromium. You can still use all the Chrome plugins with it and there's none of the Google tracking/auto updating/branding within. Chromium + Google Crap = Chrome.
 
Red Falcon said:
So is ignorance of web browsers.
Seriously though, IE9 is a big improvement over 8, but it still lacks in many ways.

IE9 is where it's at... to download a different web browser.
Click to expand...

Geeks can go on and on about how Chrome is better than IE or FF or pick whatever browser comparison you wish. Pretty much all the major browsers will do what 99% of people need them to do almost interchangeably until we get into extensions which aren't as big of a deal I think as they use to be I think.
 
Just like the FB email fiasco making waves now, these things happen because users accept them. If you want a stable, secure browser, then move towards those releases. Firefox 10.0.5 ESR is what I use everywhere. New features are rife with common mistakes are just waiting to be uncovered.

What ever happened to update vs upgrade? If you don't care to be secure any longer and always install the latest "upgrade," why complain about it? That's your decision.

I often tell others "I don't surf the same Net as you do," because I use a stable release with No Script. I don't see the annoying ads, get exposed to ads flash-based malware, or new vulnerabilities in features added last week. They call that the "bleeding edge" people, you bleed. Just accept it and move on unless you are actually willing to change your own actions. I for one do not feel like wasting time fixing problems with beta software. It is the antithesis of the expression, "It just works."

YOU can fix the problem yourself, just downgrade to a stable release. This is apparently a new feature with v13.
 
You must log in or register to reply here.
Back
Top