Closed Bug 605939 Opened 14 years ago Closed 13 years ago

clicking middle mouse button causes FF to try to send out the contents of the clipboard as a HTTP GET request

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED DUPLICATE of bug 504714

People

(Reporter: v387, Unassigned)

Details

(Whiteboard: [session-store-testday]) 

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

1. Select some text from the content of any currently displayed web page.

2. Type ctl-C or any other method of copying the text into the clipboard.

3. Click the middle button of your mouse.

>>> FF sends out whatever is in the clipboard as if it were a URL. It pastes it into the address bar and sends the request if the text doesn't contain any invalid URL characters. <<<

This is a security issue because the contents of the clipboard could contain  confidential data.

(I'm also using WMaker if that's relavant)

Reproducible: Always

Steps to Reproduce:
1. Select some text from the content of any currently displayed web page.

2. Type ctl-C or any other method of copying the text into the clipboard.

3. Click the middle button of your mouse.

>>> FF sends out whatever is in the clipboard as if it were a URL. It pastes it into the address bar and sends the request if the text doesn't contain any invalid URL characters. <<<

This is a security issue because the contents of the clipboard could contain  confidential data.

(I'm also using WMaker if that's relavant)
Related to bug 504714?
Whiteboard: [session-store-testday]
Anthony meant bug 562373, to which I referred ambiguously; though now I think that its resolution doesn't really matter.
---

In Mozilla/5.0 (X11; Linux i686; rv:2.0b8pre) Gecko/20101208 Firefox/4.0b8pre
with default settings, middle click:
* if clipboard contains a complete URL, loads the site.
* if clipboard contains random text (even one line, even like "yandex.ru"), does nothing.
So it works for me with what I tried.
Yes, a work around is to set middlemouse.contentLoadURL to "true" within about:config. The reports referenced by Anthony and Aleksej (and many others) are the same problem under different scenarios.

I believe that the issue is more than an inconvenience because of the security issues cited.

Recommendation: middlemouse.contentLoadURL set to false as default in future releases.
(In reply to comment #3)
work around s/b workaround
Sorry, I misread the bug report.
I had been experiencing this bug in previous versions of Firefox / Fedora, but as far as I can tell, somewhere in the upgrade to Fedora 15 / Firefox 6, this issue was fixed, and now middle click functions normally.
@v387 can you confirm this bug in Firefox 6?
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #7)
> @v387 can you confirm this bug in Firefox 6?

Sorry, the machine that was exhibiting the problem is now in a production environment and I can't experiment with it. As I said above, it's the same issue as reported by Anthony and Aleksej, et. al. and can be avoided by setting middlemouse.contentLoadURL to "true" within about:config.

If those other reports have been resolved then this one can be closed.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.