Closed
Bug 605939
Opened 14 years ago
Closed 13 years ago
clicking middle mouse button causes FF to try to send out the contents of the clipboard as a HTTP GET request
Categories
(Firefox :: Security, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 504714
People
(Reporter: v387, Unassigned)
Details
(Whiteboard: [session-store-testday])
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 1. Select some text from the content of any currently displayed web page. 2. Type ctl-C or any other method of copying the text into the clipboard. 3. Click the middle button of your mouse. >>> FF sends out whatever is in the clipboard as if it were a URL. It pastes it into the address bar and sends the request if the text doesn't contain any invalid URL characters. <<< This is a security issue because the contents of the clipboard could contain confidential data. (I'm also using WMaker if that's relavant) Reproducible: Always Steps to Reproduce: 1. Select some text from the content of any currently displayed web page. 2. Type ctl-C or any other method of copying the text into the clipboard. 3. Click the middle button of your mouse. >>> FF sends out whatever is in the clipboard as if it were a URL. It pastes it into the address bar and sends the request if the text doesn't contain any invalid URL characters. <<< This is a security issue because the contents of the clipboard could contain confidential data. (I'm also using WMaker if that's relavant)
Comment 2•14 years ago
|
||
Anthony meant bug 562373, to which I referred ambiguously; though now I think that its resolution doesn't really matter. --- In Mozilla/5.0 (X11; Linux i686; rv:2.0b8pre) Gecko/20101208 Firefox/4.0b8pre with default settings, middle click: * if clipboard contains a complete URL, loads the site. * if clipboard contains random text (even one line, even like "yandex.ru"), does nothing. So it works for me with what I tried.
Yes, a work around is to set middlemouse.contentLoadURL to "true" within about:config. The reports referenced by Anthony and Aleksej (and many others) are the same problem under different scenarios. I believe that the issue is more than an inconvenience because of the security issues cited. Recommendation: middlemouse.contentLoadURL set to false as default in future releases.
(In reply to comment #3) work around s/b workaround
Comment 5•14 years ago
|
||
Sorry, I misread the bug report.
Comment 6•13 years ago
|
||
I had been experiencing this bug in previous versions of Firefox / Fedora, but as far as I can tell, somewhere in the upgrade to Fedora 15 / Firefox 6, this issue was fixed, and now middle click functions normally.
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #7) > @v387 can you confirm this bug in Firefox 6? Sorry, the machine that was exhibiting the problem is now in a production environment and I can't experiment with it. As I said above, it's the same issue as reported by Anthony and Aleksej, et. al. and can be avoided by setting middlemouse.contentLoadURL to "true" within about:config. If those other reports have been resolved then this one can be closed.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•