John Leyden reports:
Mozilla has plugged a privacy-related security hole in Firefox 13 and released a fixed version of its web browser. The flaw allowed the software’s speed-dial-alike “new tab” feature to take snapshots of supposedly secure HTTPS sessions.
Punters sounded the alarm over the feature that, for example, revealed online bank account details or private messages in webmail sessions to the next user of a shared PC. Mozilla quickly acknowledged the behaviour was undesirable and issued a workaround and privacy advice in early June.
Read more on The Register.
Which reminds me: while waiting in a graduate student lounge at my daughter’s university recently, I noted that the university had configured the computers to use Firefox 3.6. No one updates or patches those computers? C’mon, folks….