Bug#618668: iceweasel: A double-click on a word can select invisible text, including newline characters
Vincent Lefevre
vincent at vinc17.net
Thu Mar 17 13:17:27 UTC 2011
Package: iceweasel
Version: 3.5.17-1
Severity: important
Tags: upstream security

https://bugzilla.mozilla.org/show_bug.cgi?id=637895

A double-click on a word can select invisible text, including newline
characters, while the user thinks that only the word is selected.
This means that if the user pastes the selection, much more text will
be pasted. This can be very harmful under some conditions, where a
newline character may validate something. This is the case in a text
terminal, in particular when running a shell. With such a method, an
attacker (by fooling the user, who isn't aware of this bug) could run
any command in the user's shell to destroy data (e.g. with \rm -rf ~)
or retrieve private data (e.g. with the mail command).

Reproducible: Always

Steps to Reproduce:
1. Open the URL https://bugzilla.mozilla.org/show_bug.cgi?id=274712
   and make sure you do not have editing permissions on the summary
   of the bug.
2. Double-click on the last word of the bug summary ("Dialog"), for
   the summary that appears over a gray background.
3. Paste the selection in a text terminal.

Actual Results:
I get the following two lines (each one ending with a newline character):

Dialog
Summary: New Options Dialog

Expected Results:
One should get only the word "Dialog".

-- Package-specific info:
-- Extensions information
Name: DOM Inspector
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/inspector at mozilla.org
Package: xul-ext-dom-inspector
Status: enabled
Name: Default
Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
Name: Dictionnaire français «Classique»
Location: ${PROFILE_EXTENSIONS}/fr-FR at dictionaries.addons.mozilla.org
Status: enabled
Name: Firefox Showcase
Location: ${PROFILE_EXTENSIONS}/{89506680-e3f4-484c-a2c0-ed711d481eda}
Status: enabled
Name: Flagfox
Location: ${PROFILE_EXTENSIONS}/{1018e4d6-728f-4b20-ad56-37578a4de76b}
Status: enabled
Name: Flashblock
Location: ${PROFILE_EXTENSIONS}/{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Status: enabled
Name: Forecastfox Weather
Location: ${PROFILE_EXTENSIONS}/{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
Status: enabled
Name: Greasemonkey
Location: ${PROFILE_EXTENSIONS}/{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
Status: enabled
Name: HeadingsMap
Location: ${PROFILE_EXTENSIONS}/headings at niquelheadings.net
Status: enabled
Name: Link Widgets
Location: ${PROFILE_EXTENSIONS}/linkwidget at clav.mozdev.org
Status: enabled
Name: Live HTTP headers
Location: ${PROFILE_EXTENSIONS}/{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
Status: enabled
Name: Open in Browser
Location: ${PROFILE_EXTENSIONS}/openinbrowser at www.spasche.net
Status: enabled
Name: Pinger
Location: ${PROFILE_EXTENSIONS}/janetka at pinger
Status: enabled
Name: Readability
Location: ${PROFILE_EXTENSIONS}/{6005d9b1-d115-485a-a92a-3f6453ca3fe2}
Status: enabled
Name: SearchStatus
Location: ${PROFILE_EXTENSIONS}/{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
Status: enabled
Name: Stylish
Location: ${PROFILE_EXTENSIONS}/{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
Status: enabled
Name: Tab Mix Plus
Location: ${PROFILE_EXTENSIONS}/{dc572301-7619-498c-a57d-39143191b318}
Status: enabled
Name: Web Developer
Location: ${PROFILE_EXTENSIONS}/{c45c406e-ab73-11d8-be73-000a95be3b12}
Status: enabled
Name: X-Ray
Location: ${PROFILE_EXTENSIONS}/{3f1182ea-3243-4d32-8826-71fb1cc9c328}
Status: enabled
-- Plugins information
Name: DjView-4.7
Location: /usr/lib/netscape/plugins-libc6/nsdejavu.so
Package: djview-plugin
Status: enabled
Name: Shockwave Flash
Location: /usr/lib/gnash/libgnashplugin.so
Package: browser-plugin-gnash
Status: enabled
-- Addons package information
ii browser-plugin 0.8.9~git20110 GNU Shockwave Flash (SWF) player - Plugin fo
ii djview-plugin 4.7-1 Browser plugin for the DjVu image format
ii iceweasel 3.5.17-1 Web browser based on Firefox
ii xul-ext-dom-in 1:2.0.9-1 tool for inspecting the DOM of pages in Icew
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iceweasel depends on:
ii debianutils 3.4.4 Miscellaneous utilities specific t
ii fontconfig 2.8.0-2.1 generic font configuration library
ii libc6 2.11.2-13 Embedded GNU C Library: Shared lib
ii libglib2.0-0 2.28.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libnspr4-0d 4.8.7-2 NetScape Portable Runtime Library
ii libstdc++6 4.5.2-6 The GNU Standard C++ Library v3
ii procps 1:3.2.8-10 /proc file system utilities
ii xulrunner-1.9.1 1.9.1.17-1 XUL + XPCOM application runner
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
ii libgssapi-krb5-2 1.8.3+dfsg-6 MIT Kerberos runtime libraries - k
ii mathematica-fonts [ttf-math 12 Installer of Mathematica fonts
pn mozplugger <none> (no description available)
ii ttf-lyx 2.0.0~rc1-1 TrueType versions of some TeX font
ii xfonts-mathml 4 Type1 Symbol font for MathML
pn xprint <none> (no description available)
Versions of packages xulrunner-1.9.1 depends on:
ii libasound2 1.0.23-2.1 shared library for ALSA applicatio
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-13 Embedded GNU C Library: Shared lib
ii libcairo2 1.10.2-4 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.4.6-1 simple interprocess messaging syst
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.4-1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.5.2-6 GCC support library
ii libglib2.0-0 2.28.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libhunspell-1.2-0 1.2.14-4 spell checker and morphological an
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libmozjs2d 1.9.1.17-1 The Mozilla SpiderMonkey JavaScrip
ii libnspr4-0d 4.8.7-2 NetScape Portable Runtime Library
ii libnss3-1d 3.12.9-2 Network Security Service libraries
ii libpango1.0-0 1.28.3-2~sid1 Layout and rendering of internatio
ii libpng12-0 1.2.44-2 PNG library - runtime
ii libreadline6 6.1-3 GNU readline and history libraries
ii libsqlite3-0 3.7.5-1 SQLite 3 shared library
ii libstartup-notification 0.10-1 library for program launch feedbac
ii libstdc++6 4.5.2-6 The GNU Standard C++ Library v3
ii libx11-6 2:1.4.1-5 X11 client-side library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxt6 1:1.1.1-1 X11 toolkit intrinsics library
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages xulrunner-1.9.1 suggests:
ii libcanberra0 0.24-1 a simple abstract interface for pl
ii libdbus-glib-1-2 0.92-1 simple interprocess messaging syst
ii libgconf2-4 2.28.1-6 GNOME configuration database syste
ii libgnome2-0 2.30.0-1 The GNOME library - runtime files
ii libgnomeui-0 2.24.3-1 The GNOME libraries (User Interfac
ii libgnomevfs2-0 1:2.24.4-1 GNOME Virtual File System (runtime
-- no debconf information
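
The following is an added example, not part of the original bug report or of Iceweasel: a paste guard that shows why the selection in "Actual Results" is dangerous at a shell prompt and what a terminal-side check could do before accepting it. The names `inspect_paste`, `sanitize_for_prompt` and `PasteReport` are hypothetical.

```python
import unicodedata
from dataclasses import dataclass


@dataclass
class PasteReport:
    submitted_lines: list  # lines ending in a terminator: the shell runs these
    pending: str           # trailing text left on the prompt, not yet submitted
    control_chars: list    # other control characters found (e.g. ESC, TAB)

    @property
    def safe(self):
        # Safe only if nothing is submitted without the user pressing Enter
        # and no control character can drive the line editor.
        return not self.submitted_lines and not self.control_chars


def _normalize(text):
    # CR, LF and CRLF all submit the current line at an interactive prompt.
    return text.replace("\r\n", "\n").replace("\r", "\n")


def inspect_paste(text):
    """Describe what a shell prompt would do with `text` pasted as-is."""
    normalized = _normalize(text)
    *submitted, pending = normalized.split("\n")
    controls = sorted({c for c in normalized
                       if unicodedata.category(c) == "Cc" and c != "\n"})
    return PasteReport(submitted, pending, controls)


def sanitize_for_prompt(text):
    """Keep only the first line, without terminator or control characters."""
    first = _normalize(text).split("\n", 1)[0]
    return "".join(c for c in first if unicodedata.category(c) != "Cc")


# The two lines quoted under "Actual Results", each ending with a newline.
REPORTED_SELECTION = "Dialog\nSummary: New Options Dialog\n"

if __name__ == "__main__":
    report = inspect_paste(REPORTED_SELECTION)
    print("submitted without confirmation:", report.submitted_lines)
    print("safe to paste:", report.safe)
    print("sanitized:", repr(sanitize_for_prompt(REPORTED_SELECTION)))
```
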