Don't let websites overwrite clipboard in Firefox (opens in new tab)

(superuser.com)

33 pointsweird_user2y ago3 comments

3 comments

Just a few weeks ago there was an interesting thread on the oss-sec list[1], which is tangentially related - a clipboard-pastejacking issue was reported to Firefox, who rejected the bug report.

1: https://seclists.org/oss-sec/2023/q4/132

idbehold2y ago

It's X11 which is asking applications what was selected when determining what will be pasted from middle click. To be secure X11 should be maintaining its own buffer which can only be updated via user interaction instead of relying on every application to implement this security measure themselves.

It's also a security issue with the shells that are interpreting a pasted new-line character. The author of that post is delusional to claim that none of the blame should be placed on the shells.

fyokdrigd2y ago

mozilla (and chrome to be fair is the same) have more product managers closing bugs than engineers/contributors.

j / k navigate · click thread line to collapse