How to protect previous Firefox tabs from being hijacked

Learn how to secure Firefox tabs from mischief with the Don't Touch My Tabs add-on.

There's never a shortage of security issues with web browsers. Ever. It seems the second a web browser is released some new method of malicious hijack-ery is discovered. In some cases, those issues have been around for quite some time and have yet to be resolved.

Case in point, there's been a long-standing issue that works like this:

  • You click a link in a page.

  • That link opens a new page in a new tab.

  • The newly opened page can now control what page is loaded in the tab used to open the new page.

In other words, X opens Y and then Y can control X. Not only can this be used for malicious intent, such as the loading of a fake login page, it's always one way that advertisers are able to further invade your privacy.

SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)

The fix for this issue is supposed to fall into the laps of web designers/developers. By adding rel=noopener to a hyperlink it ensures the safety of the link. Without that attribute, all is fair in love and war.

Problem is, you aren't in control of other websites. So what do you do? If you happen to use Firefox, you can install the Don't Touch My Tabs add-on that does the following:

  1. Locates any hyperlink pointing to any page not hosted on the same domain as the viewed page.
  2. Checks if discovered hyperlink contains the target="_blank" attribute.
  3. If the discovered hyperlink has no rel= attribute, it adds rel=noopener.
  4. If the discovered hyperlink includes a rel=attribute, but is missing the noopener value, it is added.

It's a pretty easy fix for a problem with a complex solution.

How to install the Don't Touch My Tabs add-on in Firefox

Point Firefox to the Don't Touch My Tabs add-on. In the resulting page, click Add To Firefox (Figure A). 

Figure A

tabsa.jpg

Adding Don't Touch My Tabs to Firefox.

When prompted, click Add. The next popup (Figure B) allows you to enable the extension for Private Windows. If you use Firefox in this mode, I highly recommend enabling the add-on such that it will work in Private mode.

Figure B

tabsb.jpg

Enabling the addon for Private mode.

Dismiss the installation results by clicking Okay, Got It. 

How to test the add-on

A quick and easy way to test this add-on is to head over to this rel=noopener page, created by Mathias Bynens, and click any of the test links. A new tab should open to say:

The previous tab is safe and intact. window.opener was null; mischief not managed!

You're safe.

If you disable the add-on and click on one of the links, it will instead say:

Why don't you go back to the previous tab?

You're not safe.

And that's it. Enjoy the security of always opening new tabs with rel=noopener in Firefox.

Also see

firefoxhero.jpg

Image: Mozilla