Why do the new Tiles show password-protected content?
I updated to the new 33.1 version of firefox with the enhancements to the tiles displayed on a blank tab. I do not know if this behavior started prior to this update, or with it; just that my attention was drawn to it during the 33.1 tour.
Issue: Some of the tiles are displaying screenshots of pages that are password-protected. These are for sites that I am currently NOT LOGGED IN TO. Therefore, my expectation is that no protected data should be visible. This is not what is happening. An FTP site clearly shows filenames and data; my dropbox account shows the various folders, etc. Again, these are accounts I am signed out of, so there is no way firefox should have cached images of them.
In my opinion this is a serious security bug that needs addressed. In the meantime, any way I can disable this behavior?
Усі відповіді (1)
Firefox captures thumbnails while you are viewing a site and caches those for later display on the new tab page. It is not doing a real-time login to your FTP site.
You can block sites from the new tab page if you do not want them there. When mousing over the tile, look for the "X" in the upper right corner.
To stop Firefox from capturing a thumbnail image of a site, currently, there is a preference you can add to completely stop Firefox from capturing thumbnails at all, but the bug filed to try to work out how to block sensitive sites selectively is still under discussion.
To use that global preference:
(1) Select and copy the following preference name: browser.pagethumbnails.capturing_disabled
(2) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(3) In the search box above the list, type or paste thumb and pause while the list is filtered. (This isn't strictly necessary, but makes it easier to see your change after you make it.)
(4) Right-click in the list area and choose New > Boolean. In the dialog asking for the preference name, paste the one you copied earlier and click OK. Given the choice between false and true, choose true to disable capturing of thumbnails and then click OK.
This is not retroactive, so Firefox still will have copies of your previously captured thumbnails. I'm sure there is a way to clear those, but I'd have to research it.
Regarding the bug report I mentioned: 755996 – [New Tab Page] shows sensitive information in the thumbnails. See also: Bugzilla Etiquette, Voting.