I am very disappointed in Mozilla Firefox latest update. Is your policy to support hackers by allowing the tab bar to be permanently on.
I am very disappointed in Mozilla Firefox latest update. Is your policy to support hackers by allowing the tab bar to be permanently on. The security feature of switching off tabs bar is one of the reason I pick Mozilla. It is only one extra button to be able to switch it off. The choice should still be there and not like Microsoft and trying to force it on people
All Replies (5)
hello, how would the displaying of tabs have any impact on security?
in any case, you can use an addon if you don't like tabs: https://addons.mozilla.org/firefox/addon/hide-tab-bar-with-one-tab/
Tabnabbing From Wikipedia, the free encyclopedia Jump to: navigation, search
Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert.[1][2] The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser.[3]
The exploit employs scripts to rewrite a page of average interest with an impersonation of a well-known website, when left unattended for some time. A user who returns after a while and sees the rewritten page may be induced to believe the page is legitimate and enter their login, password and other details that will be used for improper purposes. The attack can be made more likely to succeed if the script checks for well known Web sites the user has loaded in the past or in other tabs, and loads a simulation of the same sites. This attack can be done even if JavaScript is disabled, using the "meta refresh" meta element, an HTML attribute used for page redirection that causes a reload of a specified new page after a given time interval.[4]
The NoScript extension for Mozilla Firefox defends both from the JavaScript-based and from the scriptless attack, based on meta refresh, by preventing inactive tabs from changing the location of the page.[5]
You people do not read the papers or look at internet? Hacking is a major thing and tab napping is one way they hack peoples information
and why wouldn't the same attack be possible if you only use windows? - it's probably just called tab-napping because they are more popular and no-one* uses windows in the browser anymore...
*not to be understood literally
Athraithe ag philipp ar
People have had their bank accounts hacked by tabs Their facebook accounts hacked by tabs. Well documented in the news and tech programs. They can not attack you if you do not have a windows opened. They could try and open a new window but you have pop up blockers to stop that happening. Tabs are scripted differently to a new window. A new tabs could be opened and you would not notice it was opened.
I get the feeling that you are not interested in customers security. Security feature include switching pop up blockers. Parental controls custom setup of how it looks on screen and switching off tab bar or menu bar or search bar. If customer want to switch tabs off it should be their choice. The script for hiding tab bar can be hacked as it is not part of the main program and is an independent script.
Switch on and off of all features is part of the security of any browser. I will be removing firefox. DO NOT REPLY BACK
i think you have not understood how the attack really works. no new tab will be opened but the content of the existing page is replaced by something that resembles a popular login site. this works the same way in windows as it does in tabs, which you can test yourself at the proof-of-concept page: http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/