Closed
Bug 202253
Opened 21 years ago
Closed 21 years ago
www.mozilla.org should NOT be granted clipboard access by default
Categories
(Core :: Security: CAPS, defect)
Core
Security: CAPS
Tracking
()
VERIFIED
FIXED
mozilla1.4beta
People
(Reporter: igor, Assigned: security-bugs)
Details
(Whiteboard: midas, patch)
Attachments
(1 file)
1.17 KB,
patch
|
mkaply
:
review+
hjtoi-bugzilla
:
superreview+
asa
:
approval1.4+
|
Details | Diff | Splinter Review |
According to http://lxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#456: pref("capability.policy.allowclipboard.sites", "http://www.mozilla.org"); But why then www.mozilla.org is granted the access to the clipboard by default WITHOUT user knowledge??? Too many people can influence the site and what if hostile script will somehow appear there and will try to grab keyboard context with possibly sensitive information??? If this is done for convenience, then it already proved wrong since people wasted there time trying to figure out why their code does not work while one on mozilla.org does. From the newsgroup exchange: -------- Original Message 1 -------- Subject: Re: midas, execCommand, cut, copy & paste Date: Wed, 16 Apr 2003 06:59:23 -0400 From: Benjamin Smedberg <bsmedberg@covad.net> Organization: Another Netscape Collabra Server User Newsgroups: netscape.public.mozilla.jseng,netscape.public.mozilla.xpcom References: <ygrwuhva7cf.fsf@tva.ifi.uio.no> > This boggles my mind. execCommand works fine in mozilla 1.4a, and in > the midas demo at http://www.mozilla.org/editor/midasdemo/ cut, copy > and paste works fine. When I try to use these functions myself, > however, they don't - they generete an > NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED exception with the message > "Access to XPConnect service denied" code: "1011". At http://lxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#456 pref("capability.policy.allowclipboard.sites", "http://www.mozilla.org"); So to use this in your own application you would need to enable security... try one of the following: netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead"); (this might work for copy) netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrite"); (this might work for cut/paste) netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); (this might just work) If you're doing this from website JS (as opposed to the local filesystem), you will need a signed script. --BDS -------- End of Original Message 1 -------- -------- Original Message 2 -------- Subject: Re: midas, execCommand, cut, copy & paste Date: Wed, 16 Apr 2003 09:05:10 -0400 From: David Bradley <dbradleyXSPAM@netscape.com> Organization: Another Netscape Collabra Server User Newsgroups: netscape.public.mozilla.jseng,netscape.public.mozilla.xpcom References: <ygrwuhva7cf.fsf@tva.ifi.uio.no> <b7jcj4$cp91@ripley.netscape.com> <ygrk7duae30.fsf@tva.ifi.uio.no> Fredrik de Vibe wrote: > for it's 'own' site. I also fail to see the potential security issues > wrt this, so if somebody would enlighten me here as well, I'd be > grateful. It would allow a web page to transmit the contents of the clipboard back. Now imagine you had a credit card number, ss #, or other sensitive information in the clipboard. You don't want web sites having access to any local data, including the clipboard, without the user's knowledge. David -------- End of Original Message 2 --------
Comment 1•21 years ago
|
||
Over to security.
Assignee: ben → mstoltz
Severity: normal → critical
Component: Preferences → Security: General
QA Contact: sairuh → carosendahl
Comment 2•21 years ago
|
||
So you trust mozilla the application but not the website? I think it's useful to have an example site in all.js so people can figure out what pref needs to be fixed to get copy/paste to work.
Whiteboard: midas
Reporter | ||
Comment 3•21 years ago
|
||
> So you trust mozilla the application but not the website? I trust a particular mozilla binary provided by http://www.mozilla.org since I know that only few persons can update it and any Trojan replacement will noticed there sooner rather later. But trusting all www.mozilla.org is just bad idea. There are just too many people who can update the site and a Trojan script slipping in one of the project pages for example can be hard to notice. > I think it's useful to have an example site in all.js so people can figure out what pref needs to be fixed to get copy/paste to work. This is already proved to be wrong since people tried to use the functionality on their own just to find out it does not work. Then they wasted their time trying to figure out what is different. Moreover, such approach hides the fact the a special action should be performed to enable the functionality and missed an opportunity how a general text editor would behave. If http://www.mozilla.org/editor/midasdemo/ would contain clear instructions what to do to enable it, that would be very convenient. Moreover, since now it is possible to edit preferences from the browser itself, a user will need just few mouse click to enable it while be aware of implications.
Your impression that there is only one person who can affect Mozilla binaries is misguided. There are actually more people who can affect changes to Mozilla binaries than to the web site. That said I doubt we could get normal people to follow directions for using about:config, it would be better to provide a mechanism ala n4 java where a site can request a list of permissions as a group and the user can choose to grant them for the session or permanently. I'm fairly certain that we don't have anything like this in caps, but I'd hope there's a bug for it. note that it's actually 3 preferences pref("capability.policy.allowclipboard.sites", "http://www.mozilla.org"); pref("capability.policy.allowclipboard.Clipboard.cutcopy", "allAccess"); pref("capability.policy.allowclipboard.Clipboard.paste", "allAccess"); and each site might really want/need to make its own policy which means asking the user to manually add three or more preferences. per http://bugzilla.mozilla.org/bug_status.html#severity i'm clobbering the severity.
Severity: critical → normal
Component: Security: General → Security: CAPS
Comment 5•21 years ago
|
||
We actually discussed doing this but simply didn't have the time. The idea of having a "clipboard manager" seemed silly. What mozilla needs is a generic permissions manager that handles all permissions.
Assignee | ||
Comment 6•21 years ago
|
||
Let's remove the pref that allows mozilla.org to access the clipboard - too many people can add content to that site, and it looks bad if we build in exemptions like this.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.4beta
Assignee | ||
Comment 7•21 years ago
|
||
Assignee | ||
Updated•21 years ago
|
Attachment #121338 -
Flags: superreview?(heikki)
Attachment #121338 -
Flags: review?(mkaply)
Updated•21 years ago
|
Attachment #121338 -
Flags: superreview?(heikki) → superreview+
Comment 8•21 years ago
|
||
Comment on attachment 121338 [details] [diff] [review] Patch - remove prefs allowing mozilla.org to access clipboard I'll approve this for 1.3b as well once the bugzilla stuff is in place.
Attachment #121338 -
Flags: review?(mkaply) → review+
Assignee | ||
Comment 9•21 years ago
|
||
Comment on attachment 121338 [details] [diff] [review] Patch - remove prefs allowing mozilla.org to access clipboard Requesting approval for 1.4 . This patch just removes the pref that allows all pages at www.mozilla.org to access the user's clipboard. We don't want to be seen as having "backdoors."
Attachment #121338 -
Flags: approval1.4?
Assignee | ||
Updated•21 years ago
|
Flags: blocking1.4?
Whiteboard: midas → midas, patch
Comment 10•21 years ago
|
||
Comment on attachment 121338 [details] [diff] [review] Patch - remove prefs allowing mozilla.org to access clipboard a=asa (on behalf of drivers) for checkin to 1.4
Attachment #121338 -
Flags: approval1.4? → approval1.4+
Assignee | ||
Comment 11•21 years ago
|
||
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Updated•21 years ago
|
Flags: blocking1.4?
You need to log in
before you can comment on or make changes to this bug.
Description
•