Firefox snapshot bug a 'red herring'

Powered by SC Magazine
 

Clean your cache.

A bug found within Firefox’s new tab system is a “red herring” and only makes secured browsing data more accessible.

The bug was found in a feature within the latest version of Firefox that captured thumbnail snapshots of websites visited by users. 

A reader of The Register found that the snapshots also trapped secured HTTPS browser data, meaning anyone with access to a computer could view potentially sensitive information.

Mozilla was quick to announce plans to fix the bug to prevent tabs slurping HTTPS data.

But the bug was “a bit of a red herring” according to Sophos scribe and Asia Pacific technology head Paul Ducklin, because the information used to build the feature had existed in previous versions of the browser.

Ducklin pointed out that HTTPS data was always available in the browser’s cache and switching off the new feature – touted as a workaround – did not resolve the problem.

“In my HTTPS experiments, turning off the thumbnails didn't do anything about Firefox's cache,” Ducklin said.

“Whatever is inside an HTTPS request, and in its corresponding reply, must exist in unencrypted form at each end of the conversation in order to be of any use.

“That means both your browser and the server you're talking to may - indeed, probably will - end up with a permanent record of the transaction's content, even though it was encrypted during transmission.”

However, he pointed out that the snapshot feature provided richer data and made it easier to access the cached information.

Users could avoid potential exposure by erasing stored browser data after each browser session.

“… if this whole issue really is a bug, it may very well be a bug in our willingness to hold on to browser data between sessions,” he said.
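The gap Ducklin describes can be checked on a Firefox profile. The following is an added example, not code from the article or from Mozilla: it audits the text of a profile's prefs.js or user.js and reports whether HTTPS page content is still kept between sessions. The preference names and defaults are assumptions taken from Firefox's about:config and vary between versions; the sample profiles are constructed.

```python
import re

# Assumption: preference names and defaults come from Firefox's about:config,
# not from the article, and can differ between Firefox versions.
DEFAULTS = {
    "browser.pagethumbnails.capturing_disabled": False,
    "browser.cache.disk.enable": True,
    "browser.cache.disk_cache_ssl": True,
    "privacy.sanitize.sanitizeOnShutdown": False,
    "privacy.clearOnShutdown.cache": True,
}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for the user_pref() lines of a prefs.js/user.js file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        raw = m.group(2)
        if raw in ("true", "false"):
            prefs[m.group(1)] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[m.group(1)] = int(raw)
        else:
            prefs[m.group(1)] = raw.strip('"')
    return prefs

def audit(text):
    """List the ways this profile still keeps HTTPS page content between sessions."""
    p = {**DEFAULTS, **parse_prefs(text)}
    findings = []
    if not p["browser.pagethumbnails.capturing_disabled"]:
        findings.append("thumbnails captured")
    cleared = p["privacy.sanitize.sanitizeOnShutdown"] and p["privacy.clearOnShutdown.cache"]
    if p["browser.cache.disk.enable"] and p["browser.cache.disk_cache_ssl"] and not cleared:
        findings.append("HTTPS responses kept in disk cache")
    return findings

# Constructed samples: the "workaround" profile only switches thumbnails off.
WORKAROUND = 'user_pref("browser.pagethumbnails.capturing_disabled", true);\n'
CLEAR_ON_EXIT = WORKAROUND + (
    'user_pref("privacy.sanitize.sanitizeOnShutdown", true);\n'
    'user_pref("privacy.clearOnShutdown.cache", true);\n'
)

if __name__ == "__main__":
    for name, text in (("default", ""), ("workaround", WORKAROUND), ("clear on exit", CLEAR_ON_EXIT)):
        print(f"{name}: {audit(text) or 'nothing retained'}")
```

The workaround profile still reports the disk cache finding, which is the point of the "red herring" argument: only the clear-on-exit profile comes back clean.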

Copyright © SC Magazine, Australia

