Mozilla has deemed favicons a security risk and will be doing away with the tiny graphics in Firefox. The organization has already made the change on the most recent nightly build with plans to implement it to the release channel come mid-July.
Introduced in 1999 by Microsoft, the favicon, short for Favorite Icon, is typically a 16 x 16 pixel graphic that is associated with a particular website. A site owner can load a custom favicon that represents his or her website as a visual reminder to the user alongside the address bar or on tabs next to the page title.
The problem, Mozilla says, is that some malicious site owners are using images of a padlock as their favicon which gives the impression of a secure connection. This could potentially trick less Internet savvy users into thinking the site is safe to transmit personal data over when in fact, it isn’t.
Mozilla has decided to ditch custom favicons in favor of a new system. In place of the custom favicon, users will see a generic globe icon when visiting an unsecure website while a grey padlock signifies a site with SSL certificates without Extended Validation and a green padlock for sites with SSL certificates and Extended Validation.
There are no plans to remove favicons from tabs, bookmarks or Awesomebar suggestions, only the ones found in the address bar. The move is also said to reduce some of the visual weight, although I’m not sure how replacing custom favicons with their own icons will accomplish this.