Mozilla removing favicons in Firefox due to security risk

Shawn Knight


Mozilla has deemed favicons a security risk and will be doing away with the tiny graphics in Firefox. The organization has already made the change on the most recent nightly build with plans to implement it to the release channel come mid-July.

Introduced in 1999 by Microsoft, the favicon, short for Favorite Icon, is typically a 16 x 16 pixel graphic that is associated with a particular website. A site owner can load a custom favicon that represents his or her website as a visual reminder to the user alongside the address bar or on tabs next to the page title.

The problem, Mozilla says, is that some malicious site owners are using images of a padlock as their favicon, which gives the impression of a secure connection. This could potentially trick less Internet-savvy users into thinking the site is safe to transmit personal data over when in fact, it isn’t.

Mozilla has decided to ditch custom favicons in favor of a new system. In place of the custom favicon, users will see a generic globe icon when visiting an unsecure website, while a grey padlock signifies a site with an SSL certificate without Extended Validation and a green padlock signifies a site with an SSL certificate with Extended Validation.

There are no plans to remove favicons from tabs, bookmarks or Awesomebar suggestions, only the ones found in the address bar. The move is also said to reduce some of the visual weight, although I’m not sure how replacing custom favicons with their own icons will accomplish this.


 
Should have mentioned it only applied to the address bar sooner. Samfind utilizes these pretty well in its bookmarks toolbar and I would hate to see them completely go.
 
Typical Mozilla, removing features instead of fixing the actual problem. The actual problem of course being their shoddy user interface.
 
"The problem, Mozilla says, is that some malicious site owners are using images of a padlock as their favicon which gives the impression of a secure connection. This could potentially trick less Internet savvy users into thinking the site is safe to transmit personal data over when in fact, it isn’t."

I think that those less savvy internet users will be tricked by a lot of other things if they think that a simple HTTPS connection makes a site safe to give personal info to. Personally I think that getting your credit card jacked may not be such a bad thing if it makes you more aware of the risks of the internet, and you'll learn to be safe before you get stalked, or one of your kids gets abducted.
 
Gee, Mozilla, maybe you might consider making a user preference that's simply disabled by default? Or have you become Microgoogleapple??
 
That's just stupid, FF. Instead, they should present the security information differently, so it creates no confusion. Favicon is an awesome feature on the web, and who is FF after all to decide to dump it, give people more incentive to dump FF. Cheers!
 
One thing that Mozilla also mentioned - and will still be there - is that with extended validation you will still be able to see who owns the site. That level of information should make more sites use Extended Validation certificates rather than the US$9.99 ones that we all can buy.
 
Got to love the commenters who clearly didn't read the entire article. Anyways I wondered why Chrome was like this already... now it makes sense. Good job Mozilla but something so simple should have already been implemented long ago...
 
Opera already does this too btw (Using Opera 11.62 stable on Win7 here).
 
Looks like everyone is still trying to catch up with Opera! Opera figured this out some time ago. Seems Opera is the only browser that's really on the ball.
 
This change deserves to be applauded because it makes the net surfing by a common user much less prone to phishing attacks and scams, even though it may by itself not make web browsing more secure as such. If need be I would recommend giving the net-savvy user an option to enable the favicon feature. However this may sometimes make a friend or a family member make an error if he or she is using that net-savvy person's PC with the favicon option enabled.
 
I'm all for this, to be honest. They're preserving the feature where it really matters: In tabs and bookmarks. And the logic makes perfect sense.
 