Is there diminished security with having both non-encrypted and encrypted webpages open simultaneously?

Context: I typically have multiple tabs/instances of Firefox running at the same time; most of these are over plain unencrypted webpages. Often, however, I remember I need to purchase an item, or do some other financial transaction, which involves going to an encrypted webpage. However, for the sake of efficiency, I also often do not close all other browser tabs/windows.

Question: Does this diminish the security I get from my single encrypted tab I've got open? Is there a greater conceptual browser/internet security framework I need to understand here?

(I am running the latest version of Firefox, on Windows XP.)

drapkin11

Posted 2011-03-18T16:24:33.653

Reputation: 646

Answers

The best way to protect yourself in such scenarios is to use a browser that supports Sandboxing.

Sandboxing is running each individual tab in a separate process and not allowing them to communicate.

There are two browsers that I have seen that implement this technique natively, IE9 and Chrome.

For FF there is a plugin to achieve this, once you have sandboxing enabled or you are running a browser that implements this, then you can truly feel "secure".

The plugin for FF is Sandboxie and it achieves what IE9 and Chrome do natively.

Otherwise, there is a possibility to do cross-tab stuff and compromise the information.

My field is not IT Security but I am pretty sure this is just common sense.

paradd0x

Posted 2011-03-18T16:24:33.653

Reputation: 7 771

^{<not a security expert>}

It's safe. A website cannot see what you are doing in other tabs or windows. (Except perhaps if both have the same website open.)

Of course, there is a possibility of a security hole in the browser, but all the cross-tab ones have been fixed already.

_{</not a security expert>}

user1686

Posted 2011-03-18T16:24:33.653

Reputation: 283 655

2At one time FF did have javascripting vulnerabilities which would allow some cross tab spoofing. Without a full sandbox between tabs via different processes as IE8/9 and Chrome do than there can be an opening for possible issues. – edusysadmin – 2011-03-19T13:58:57.663

Thanks for the link, @grawity! Is there a specific section(s) you recommend I check out? – drapkin11 – 2011-03-30T14:58:13.463

Was going to leave this as a comment under @Grawity's post, but thought it should be an answer. Unless you sandbox, then there are a number of ways a website can impact you if you have another site open as well. I would recommend always closing browsers before carrying out online transactions (ebay, online banking etc)

IE9 and Chrome seem safe currently - all things change so don't rely on this remaining true:-)

caveat - I am a security professional, and pretty pessimistic about these things, so I always recommend doing the simple things which help!

Rory Alsop

Posted 2011-03-18T16:24:33.653

Reputation: 3 168