Synthetic middle-click event can paste

RESOLVED FIXED

Status

()

Core
Editor
RESOLVED FIXED
13 years ago
4 years ago

People

(Reporter: Jesse Ruderman, Assigned: Joe Francis)

Tracking

(4 keywords)

1.7 Branch
x86
Windows XP
csectype-disclosure, fixed-aviary1.0, fixed1.7.5, sec-moderate
Points:
---
Bug Flags:
blocking-aviary1.0 +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

352 bytes, text/html
Details
Fix
1.31 KB, patch
Brian Ryner (not reading)
: review+
Brian Ryner (not reading)
: superreview+
Details | Diff | Splinter Review
(Reporter)

Description

13 years ago
Steps to reproduce on Windows:
1. Go to about:config and middlemouse.paste to true.
2. Copy something to the Windows clipboard.
3. Load the testcase.

Result: the contents of your clipboard are pasted once a second.

On Linux, I imagine this would paste the X primary selection rather than the
contents of the clipboard (without any hidden pref changes).
(Reporter)

Updated

13 years ago
Flags: blocking-aviary1.0?
Whiteboard: security
(Reporter)

Comment 1

13 years ago
Created attachment 163116 [details]
demo
Lest people discount this bug due to the first step being "change prefs", Unix
and OS2 versions ship with true already the default value.
Whiteboard: security → [sg:fix]security
Created attachment 163189 [details] [diff] [review]
Fix

Updated

13 years ago
Attachment #163189 - Flags: superreview?(bryner)
Attachment #163189 - Flags: review?(bryner)

Comment 4

13 years ago
Comment on attachment 163189 [details] [diff] [review]
Fix

a=asa for aviary checkin pending reviews.
Attachment #163189 - Flags: approval-aviary+
Attachment #163189 - Flags: superreview?(bryner)
Attachment #163189 - Flags: superreview+
Attachment #163189 - Flags: review?(bryner)
Attachment #163189 - Flags: review+

Updated

13 years ago
Flags: blocking-aviary1.0? → blocking-aviary1.0+

Updated

13 years ago
Keywords: fixed-aviary1.0
Fixed on 1.7 and trunk too (a=asa over IRC).
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Keywords: fixed1.7.x
Resolution: --- → FIXED
on linux (2004102409-0.9+) this seems to behave itself now.
Security Advisories published, clearing confidential flag
Group: security
(Reporter)

Updated

4 years ago
Keywords: csec-disclosure, sec-moderate
Whiteboard: [sg:fix]security
You need to log in before you can comment on or make changes to this bug.