InformationWeek reports on a privacy problem with the latest version of the Firefox browser from Mozilla:
When Firefox version 13 debuted earlier this month, it included a new tab-restoration feature–but at what privacy cost? “When opening a new tab, users are now presented with their most visited pages,” according to Mozilla’s Firefox 13 release notes.
But as one Firefox user discovered, that tab-restoration feature was also “taking snapshots of the user’s HTTPS session content,” reported The Register, after one of its readers opened a new tab and was “greeted by my earlier online banking and webmail sessions complete with account numbers, balances, subject lines, etc.”
While other browsers have long included the ability to see a list of “most visited” pages, they don’t restore data contained on HTTPS pages. “This content is behind a secure login for a reason,” noted the Register reader, and the ability of anyone who subsequently opened Firefox to see all of that information would constitute an obvious breach of the user’s privacy, as well as data security. Furthermore, for users of Firefox 13 on shared computers, the information could potentially be stored and made available to subsequent users, without the original user being aware that the data had ever been captured.
Mozilla acknowledged the issue and said it’s working on a fix. “We are aware of the concern and have a fix that will be released in a future version of Firefox,” said Mozilla spokeswoman Valerie Ponell via email. […]
In the meantime, how can users disable the tab-restoration feature? For starters, Ponell noted that the feature is based solely “on users’ browsing history,” and that the stored information can be deleted by users via the preferences screen. “Users can also switch back to using blank new tab screens by clicking the square icon in the top right corner of the browser,” she said. “That will change the default preference to show a blank page, rather than the most visited websites when a new tab is opened.”
But she advised anyone who uses Firefox 13 on a shared computer to use “the built-in privacy tools in Firefox, such as Private Browsing Mode,” which will also prevent a copy of the session tab from being recorded.