By releasing Firefox 57.0.3, Mozilla has fixed a privacy issue where some users have been opted into send background tab crash reports automatically.
Firefox team has discovered and patched an issue with the Tab Crash Reporter (that was introduced with Firefox 52) in Firefox 59 and 57.0.3
When a tab crashes in Firefox without crash report, browser shows about:tabcrashed page and offers ‘Close Tab’ and ‘Restore this tab’ options.
When you click on ‘Restore tab’, the tab should be restored and crash report should not be sent. But with the Bug 1424373 the tab crash reporter has been activated and crash reports were sent to Mozilla that may contain sensitive or identifiable information.
Behind the scenes, Firefox has flipped the below preference value to true.
As a result, you’ll see related setting ‘Allow Firefox to send crash reports to Mozilla’ enabled (which was disabled by default) in Firefox Privacy & Security Settings UI.
This bug has worried Mozilla and this is what the company has done to address privacy issues after fixing the issue:
1. Mozilla has fixed the bug and disabled auto-submission of crash reports in all Firefox versions.
2. The caused bug contains a hot fix and an up loadable patch for all impacted versions.
“In Socorro we are taking steps to delete data on our systems and prevent receipt of any additional data resulting from this bug. We retain crash reports for up to one year, so the whole data set is potentially impacted”
” We will add measures to discard new, automatically submitted crashes from affected versions, and then delete all crash reports collected prior to that deploy. Our goal is to have this data deleted in the next ten days”
Firefox 57.0.3 update is now available to Firefox 57.0.2 via Firefox Update, install the update and restart Firefox browser.
Check the Release notes link for this version of Firefox.