Bug#825198: firefox: please disable any access from the browser to the clipboard
Christoph Anton Mitterer
calestyo at scientia.net
Tue May 24 13:57:28 UTC 2016
Source: firefox
Severity: important
Tags: security
Hi.
There is no reason why a browser should access the clipboard
of the client.
It opens all kinds of attack vetors and likely privacy leaks.
See e.g. recent exploits[0].
I wouldn't be all to surprised if Mozilla would also allow
to read out the current clip board contents, which wold be a
really grave issue, as it could contain passwords, keys, etc.
There has been some recent media coverage[1] (this one in
German) about [0].
Cheers,
Chris.
[0] https://github.com/dxa4481/Pastejacking
[1] http://www.golem.de/news/pastejacking-im-browser-codeausfuehrung-per-copy-and-paste-1605-121062.html
More information about the pkg-mozilla-maintainers
mailing list