User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 Build ID: 20141011015303 Steps to reproduce: 1. Install Conduit or other "badware" that is known to hijack the newtab page (I would not suggest reproducing this step) 2. Observe that opening a new tab redirects you to a hijacked URL 3. Remove malicious software Actual results: Opening a new tab still displays the hijacked URL Expected results: A UI to modify the new tab page without resorting to about:config OR That browser.newtab.url should be removed as it provides an avenue for malicious software to hijack the new tab page without a discoverable way for users to change it back

That's why there is a reset feature: https://support.mozilla.org/en-US/kb/reset-firefox-to-fix-most-problems

(In reply to Loic from comment #1) > That's why there is a reset feature: > https://support.mozilla.org/en-US/kb/reset-firefox-to-fix-most-problems I personally don't consider a reset to be the appropriate solution, especially as it ignores the damage that can be done to a user who are not savvy enough to realize there is a problem or even how to perform a reset to fix it if they do. A decision has already been made to remove the ui to modify browser.newtab.url in favor of always displaying about:newtab unless the user goes through the trouble of modifying the setting in about:config or installing an extension. I would propose that the setting is removed, an extension could easily restore this functionality for users who wish to keep it.

Gavin, can we do the same here that we did for the search engine selection and/or is there a bug on file about that already?