Firefox Vulnerability
Image courtesy:

Many browsers do pre-fetching and caching of web pages for speed and performance optimization. But Mozilla Firefox has taken one step forward, it stealthily loads web pages when you hover over links. Yes! Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link.

Privacy and Security Concerns

While this sounds potentially helpful, it is also something of a privacy and security concern, not to mention a waste of bandwidth. You might hover over a link simply to check out the destination in the status bar and if there is a link to a malicious or unsavory website, these stealthy connections to those sites made in the background would be the last thing you would like to see. 

How it works?

This concerning behavior is the result of Mozilla speculative connect API. 

According to Mozilla Developer blog, 
"nsISpeculativeConnect lets the networking layer begin setting up TCP and, if appropriate, SSL handshakes to save time when the connection is actually opened later."
In it pre-loads the web pages so that browsing would be easy and time-saving.

How to fix this?

Follow the below simple steps to turn off this annoying 'speculative pre-connections' feature

1. Type "about:config" into the address bar (and you'll see a list of variables)
(The first time you look at "about:config", Firefox might ask you "Are you sure you know what you're doing?" Click "yes" and proceed.)

2. Copy-paste "network.http.speculative-parallel-limit" into the search bar at the top of that page and hit Return.

3. You'll now just have that one line on the page. Double-click it (or right-click on it and select "Modify")

4. A box pops up, change the value to 0, and hit OK.



One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different. Hope this bug would be fixed in the future Firefox releases.

Post a Comment