Modernizing Authentication — What It Takes to Transform Secure Access
The Register's John Leyden reports that the 'New Tab' thumbnail feature in Firefox 13, which displays screenshots of recently-visited Web sites as thumbnails, shows more information than most users might want or expect.
"[The Register] reader Chris discovered the feature after opening a new tab only to be 'greeted by my earlier online banking and webmail sessions complete with account numbers, balances, subject lines etc.,'" Leyden writes.
Leyden says Mozilla has promised to patch the flaw, stating, "We are aware of the concern and have a fix that will be released in a future version of Firefox. Mozilla remains resolute in its commitment to privacy and user control. The new tab thumbnail feature within Firefox does not transmit nor store personal information outside the user's direct control."
"While other browsers have long included the ability to see a list of 'most visited' pages, they don't restore data contained on HTTPS pages," notes InformationWeek's Mathew J. Schwartz.
"The fact that sensitive data is displayed is breach of user privacy, and it's a serious concern in cases where people share computers," writes PCMag.com's Fahmida Y. Rashid. "The information could be stored and displayed to subsequent users without the original user being aware that account numbers or content of emails had been exposed."
"Just to be on the safe side -- and especially if you are on a shared computer -- it’s probably be best to turn this feature off for the time being," writes TechCrunch's Frederic Lardinois. "On a shared computer, of course, you can also use Firefox’s Private Browsing Mode (which you should probably do anyway if you are using a public machine)."