Categories: Security

Mozilla Fixes Crash Data Leak Issue In Firefox Browser

Mozilla has fixed a bug in its Firefox browser that automatically sent crash data to the company’s servers, whether users had told it to do so or not.

The crash reports contain information about the page that was being viewed in the browser at the time of the crash, and as such could contain private information, Mozilla acknowledged, saying it planned to delete all the inadvertently collected data from its servers.

“While we designed the crash reporting system to be difficult to map back to individuals, we need to be mindful that crash dumps contain the contents of the crashing tab,” Mozilla said in its bug report. “With low frequency they may contain private or identifying information.”

The bug was introduced in version 52 of the browser, released in March, and is fixed in version 57.0.3, released on 28 December.

Data leak

Data leaks have become a controversial issue, especially where it comes to browsers and also to mobile websites and apps, many of which have been found to send information on users back to developers without users’ knowledge or consent.

In November of last year Google was served with a large-scale lawsuit in the UK over its tracking of Safari users’ browsing activity several years ago.

Many users choose to disable browser crash reporting entirely out of privacy considerations. The reports are used to help developers spot browser bugs.

Given the sensitivity of the issue, Mozilla said it would take steps to ensure no crash reports are automatically submitted unless the user has specifically authorised the browser to do so.

Does IoT security concern you?

  • Yes (89%)
  • No (11%)

Loading ...

Data deletion headache

Unfortunately, the company said it has no way of distinguishing people who switched on automatic reports from browsers in which the setting was enabled by the software flaw.

As a result, Mozilla said it would disable all automatic reporting for the affected browsers. It is also configuring its servers to discard any new crash reports submitted by the affected software.

Deleting the crash data from the affected browsers may also be difficult, since it is processed and stored in various systems at Mozilla.

“We retain crash reports for up to one year, so the whole data set is potentially impacted,” Mozilla stated.

The company said it planned to delete all the data within the next ten days.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

11 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

12 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

13 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

14 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

17 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

17 hours ago