Is this new Firefox feature a security hole?

Ok this Question comes from the information found here and Here :

I first heard about it in a couple of posts on another forum on this thread

BAsicly is FF or Mozilla pre-caching a good idea..

Quote:

Now Google's faster than ever on Firefox and Mozilla browsers. When you do a search on these browsers, we instruct them to download your top search result in advance, so if you click on it, you'll get to that page even more quickly.

I'm not so sure I like this idea. It's basically the "I feel lucky" option with an extra click. On a broadband connection, would I even notice the difference? On a dial-up connection, which I had to suffer with last week, it would impose a performance penalty. I'd prefer it if this were an option.

And why only for Firefox? Is there a technical reason why this can't be done for another browser?

Updated: The more I think about this, the less I like it. What if the top search result contains content that is objectionable? If I do a perfectly legitimate search on my work computer, I have the option to avoid downloading that page based on its summary and title. But if the page downloads for me, it goes through my company's proxy servers, where it gets logged as something I downloaded. It's also cached on my computer. If that page happens to include porn or other unwanted content, I could get in serious trouble and even lose my job, even though I am completely innocent

and

Quote:

Let me repeat that: I clicked on a link in one page, and Firefox silently, without any indication to me, downloaded a large executable file in the background and placed it in my browser's cache.

I repeated the experiment with a much larger executable file (10MB) from a different third-party Web site, using a completely clean Firefox profile. Same result.

If you were to click on the link to my test page using Firefox, that executable code would be on your computer, downloaded from a site you never chose to visit. Now, let me be clear: That code isn't an immediate danger. There's no way I'm aware of for it to execute. At least not now. But if I were a bad guy, I'd be working my tail off to figure out how to get that code to execute - or to trick you into running it. I'd also be looking at other creative ways to exploit the fact that I can get you to download scripts and other content from a third-party site that you never even realized you visited. And I would surely be thinking of how I could get my pages to appear at the top of a Google search window, where they would automatically be prefetched by Firefox.

This is not a good thing.

Sounds dangerous but it could be a nice option.

Maybe if firefox would warn you and you could choose to allow or disalow and alway's allow or disallow for certain sites or file types or both.

That would be a nice thing.

It definetly needs to have the ability to be toggled and needs to be toggled off by default, IMHO. If not for security concerns, then the bandwidth concerns.

- Xierox

discussion here:

http://www.mozillazine.org/talkback.html?article=6310

also from the site I listed how to prevent the "potential" problems

Quote:

Google Help explains how to disable this feature in Firefox:

1.
Type "about:config" the address bar.
2.
Scroll down to the setting "network.prefetch-next" and set the value to "False".

The default should be off, not on, in my opinion. A browser should never, ever download content from a site that you didn't specifically choose to visit. What are Google's developers thinking?

I am suprised that this topic has not raised more discussion..

is this where AO has come.. or just a lost thread in a dynamic AO