Mathew J. Schwartz reports:
When Firefox version 13 debuted earlier this month, it included a new tab-restoration feature–but at what privacy cost?
“When opening a new tab, users are now presented with their most visited pages,” according to Mozilla’s Firefox 13 release notes.
But as one Firefox user discovered, that tab-restoration feature was also “taking snapshots of the user’s HTTPS session content,” reported The Register, after one of its readers opened a new tab and was “greeted by my earlier online banking and webmail sessions complete with account numbers, balances, subject lines, etc.”
Read more on InformationWeek.
I don’t get what all this is about? I thought as long as the snapshots are not sent to any remote server all is ok? or is this something to do with being privacy conscious among multiple users of a single PC? if so, doesn’t firefox store different snapshots for different people?
Perhaps the issue is that the https session cookie was retained and reused.
Maybe scripted exploits could potentially access that cookie, and then send
info elsewhere?