"Location Bar" exposes hidden bookmarks, puts users off upgrading to Firefox 3.x

"Location Bar" exposes hidden bookmarks, puts users off upgrading to Firefox 3.x

Summary: It's a good idea from a security standpoint to upgrade your browser, but what increases your security in one area might make you vulnerable in another!

TOPICS: Security, Browser

It's a good idea from a security standpoint to upgrade your browser, but what increases your security in one area might make you vulnerable in another!

According to research carried out by Mozilla's security team, 25% of people who weren't prepared to upgrade from Firefox 2.x to 3.x cited the inability to clear the Location Bar history as a reason for sticking with the old browser.

As Alex Faaborg, Firefox’s principal designer, explains, "When we expanded the capabilities of the location bar to search against all history and bookmarks in Firefox 3, a lot of people contacted us to say that they had certain bookmarks they didn’t really want to have displayed." In other words, the new Firefox feature exposed bookmarks that had been previously hidden away!

Given this level of resistance to the Location Bar, it's clear to see why Firefox added private mode to Firefox 3.5.

The double-edged nature of new features!

Topics: Security, Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • So, let me get this straight...

    People who share their computer with other people are concerned about hiding bookmarks, history, etc. so they don't want to upgrade on account they might get caught or reveal something about themselves to the other person.

    Which begs the question-- why are they sharing their account logins in the first place? Why not just create a separate login or simpler yet, just use the Private Browsing mode or configure FF to always clear history on exit (and don't bookmark things at all), etc etc.

    Point being, I fail to see why user idiocy is a reason for not upgrading.
    • Not so clear cut

      Its not as simple as you say, for example, I do tech support and I can assure you there are tons of people out there who don't know how to setup a new account, much less configuring shared folders etc, and in most cases shared computer users also share files, music videos etc, a second account is more hassle, also on low performance computers, 4, 5, 6 user names are normally a hassle and system strain in itself.

      Then there is the clear on exit point you made, not very feasible, there are some history and bookmarks people actually want, they just don't want them popping up at the stroke of two keys, its not a case of they want hem to go away, Mommy just doesn't want when little Jody goes to type 'DI' for Disney.com, DicksRUs.com, coming up, but she still want to have it in her bookmarks.
    • Private Mode

      [i]or simpler yet, just use the Private Browsing mode[/i]

      Since there was no Private Mode in FF2 that would be a little difficult.

      Another scenario might be that people use a particular computer for personal use, but also might use it for business purposes, like give presentations. In that case there might be some links they don't want exposed during said presentations.
  • RE: Bookmark tool bar?

    I have it hidden and use Delicious instead.
  • Rather silly reason

    The Firefox options dialog allows people to set the "awesome (sic) bar" to suggest "nothing." I don't quite understand this feature anyway. I guess it is built for people that can't type? For frequently used bookmarks I set up a keyword.
  • RE:

    Not sure if I understand what the problem is here. Hidden bookmarks are being exposed and that is bad? First, I didn't know you could hide bookmarks. Second, what does it matter if its being exposed? Are you trying to hide some pr0n? Bookmarks that shouldn't be displayed shouldn't be bookmarks. Sheesh. Someone tell me what I'm missing here.
    Loverock Davidson
    • What you're missing...

      is that some people only have one computer for their household. I know that may shock some people. If you want to limit the possibilities to porn, that's fine. The whole purpose of having "hidden bookmarks" is kinda spelled out in the first word..."hidden". If mommy and daddy want to peruse porn, being adults I'd venture to say that's ok. Now when little suzy or billy needs to use the computer because they needs to in order to complete their homework, mommy and daddy don't want them to see what they have clearly intended to hide. Does that clear things up for you?
      • Still doesn't make sense

        That kind of stuff shouldn't have been bookmarked in the first place especially with little suzy around.
        Loverock Davidson
        • It's not just bookmarks

          because the location bar also show up recently visited sites when you
          start typing.
          • That is what FireFox 3.5's private browsing feature is for

            People in earlier versions have to use the clear private data function, which could wipe legitimate cookies that the user wants to keep around.
          • Indeed

            [i]That is what FireFox 3.5's private browsing feature is for[/i]

            And since it was missing in FF 3.0, it's precisely why Mozilla added that mode to FF 3.5.
          • Bookmarks and history

            The whole thing seems to be a moot point to me. In FF 3.5.2 anyway, you can choose to search either bookmarks or history or even both as you choose. So having your bookmarks show up embarrassingly is no one's fault but your own.
            As for the parents browsing questionable content and their kids finding it, they should know better, buy a separate computer, I mean jeeze man, $300 for a system to watch whatever and protect your little darlings from it does not seem exorbitant to me.

            Louis Ross Focke
  • Getting FF 2 bar functionality in v3

    When I upgraded to FF3, I was really upset that the new "location bar" or whatever it's called was totally different from what I had grown to appreciate in FF2.

    In FF2, the drop-down menu from the address bar simply showed the URLs that I had visited by manually typing in addresses. Websites that I had visited from my Bookmarks did not show up.

    I was able to replicate this functionality (somewhat) in FF3 using an add-on called Old Location Bar. Then you need to go into "about:config" and change browser.urlbar.matchOnlyTyped to "true".
    ZDnet Reader 43
    • Thanks for the tip

      I've been avoiding installing Firefox 3 mainly because of the location bar function, except on Ubuntu Linux, where it comes with the system by default. The Old Location Bar extension fixed that annoyance nicely on my Linux box.
      Tony R.

  • RE:

    don't have much to say on the matter since i'm the only one that use's this computer.i'm using version 3.0.13
  • So ...

    ... more people are surfing porn than actually admit it ...

    • So True...

      ...the truth is so painful. You are right about people surfing porn. Why would you want to delete your location unless you were ashamed of where you had been.
      • An innocent example...

        ...could be hiding websites of online shopping if you were buying a
        present or booking a surprise holiday online?
      • It isn't all about porn!

        Let's say that I'm a manager and I've been researching state laws related to layoffs, just in case I have to cut my budget. Now, I'm having a meeting with a member of my staff and together we're reviewing something on the web. I'd rather that the employee didn't see my bookmarks related to that topic. I try to keep my computer desktop clear of such items, and I'd prefer that my browser didn't squeal on me!