Using middle-click for both "open link in new tab" and "paste" means pages can steal your clipboard contents

RESOLVED WONTFIX

Status

()

RESOLVED WONTFIX
11 years ago
4 years ago

People

(Reporter: guninski, Unassigned)

Tracking

({privacy, sec-low})

Trunk
x86
Linux
privacy, sec-low
Points:
---
Bug Flags:
blocking-firefox3 -

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:low P4])

Attachments

(2 attachments)

Created attachment 290377 [details]
paste2.html

middle clicking on linux opens new tab and is common activity.

1. middle clicking on (possible css decorated input looking like a link) steals the current selection which may be confidentail info like porn url
this is paste2.html

2. tricking the user into selecting a javascript: text (possibly hidden via css) and then middle clicking in other tab/window leads to same origin violation
this is paste1.html

if the current selection is "file:///" middle click on nonlink opens "file:///"
Created attachment 290378 [details]
paste1.html
hm, paste1.html injects js in another domain but when middle clicked on an image document the cookie is accessible only on trunk

Updated

11 years ago
Summary: some dangers of middle clicking → some dangers of middle-click paste

Comment 3

11 years ago
We should definitely disable the "middle-click = paste and go" behavior for javascript: URLs, and we should try to make it safe for data: URLs.

I don't think we can fix the other problem except by disabling one of the middle-click behaviors (either disabling its "paste" behavior or disabling its "open link in new tab" behavior).
Flags: blocking-firefox3?
note that middle clicking does paste in most X applications
[sg:low?]
Whiteboard: [sg:low?]
This does not block the final release of Firefox 3.
Flags: blocking-firefox3? → blocking-firefox3-

Comment 7

8 years ago
I'm declaring this bug to be about the "selection stealing" issue (#1). The other bug should be filed as blocking bug 527530 (if it hasn't already been fixed).
Group: core-security
Summary: some dangers of middle-click paste → Using middle-click for both "open link in new tab" and "paste" means pages can steal your clipboard contents
Version: 2.0 Branch → Trunk

Updated

8 years ago
Keywords: privacy, uiwanted
Whiteboard: [sg:low?] → [sg:low P4]
Hmm. This is a tricky problem. I'm not sure what to do about it...

Seem like we can't do the obvious thing of disabling middle-click paste -- or middle-click opens a link -- because both of those would be breaking commonly used functionality. [Though there's something to be said for Linux desktops moving away from the old X-style clipboard, and middle-click being something a lot of people still haven't learned about].

I can't think of any obvious solution to disable pasting in certain cases (eg, unless a textarea is focused) that wouldn't just be easily bypassed.

So, seeking ideas as we're stuck.
I'd chalk this up to being a general problem for Linux, and not try to fix it. Middle-click to paste was always a brain-dead thing to do, especially having multiple clipboards, automatically adding selected text to one of the two clipboards, oh my. Don't get me started. ;)

If Linux ever becomes a mainstream consumer platform, we can revisit this, but for now I'd just recommend leaving this alone. If you're worried about it as an end user, don't use middle click.
Keywords: uiwanted

Comment 10

7 years ago
> If Linux ever becomes a mainstream consumer platform, we can revisit this,
> but for now I'd just recommend leaving this alone. If you're worried about
> it as an end user, don't use middle click.

Or set middlemouse.paste to false.
I concur with the last few comments.

We may want to investigate disabling the middle-click-to-load behavior (middlemouse.contentLoadURL) by default on Linux in the future, but many users depend on the functionality, and given the choice, probably would opt to play their luck with someone doing this kind of trick rather than losing the functionality.

Since the likelihood of this being abused is low, and the result of the abuse is not that serious most of the time (clipboard contents can be sensitive, but they most often aren't), WONTFIX.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
Duplicate of this bug: 1169291
You need to log in before you can comment on or make changes to this bug.