Note: There are a few cases of duplicates in user autocompletion which are being worked on.

A double-click on a word can select invisible text, including newline characters

UNCONFIRMED
Unassigned

Status

()

Core
Selection
--
major
UNCONFIRMED
7 years ago
2 years ago

People

(Reporter: Vincent Lefevre, Unassigned)

Tracking

1.9.2 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

7 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-GB; rv:1.9.2.14) Gecko/20110218 Firefox/3.6.14
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-GB; rv:1.9.2.14) Gecko/20110218 Firefox/3.6.14

A double-click on a word can select invisible text, including newline characters, while the user thinks that only the word is selected.

This means that if the user pastes the selection, much more text will be pasted. This can be very harmful under some conditions, where a newline character may validate something. This is the case in a text terminal, in particular when running a shell. With such a method, an attacker (by fooling the user, who isn't aware of this bug) could run any command in the user's shell to destroy data (e.g. with \rm -rf ~) or retrieve private data (e.g. with the mail command).

Reproducible: Always

Steps to Reproduce:
1. Open the URL https://bugzilla.mozilla.org/show_bug.cgi?id=274712 and make sure you do not have edition permissions on the summary of the bug.
2. Double-click on the last word of the bug summary ("Dialog").
3. Paste the selection in a text terminal.

Actual Results:  
I get the following two lines (each one ending with a newline character):

Dialog
Summary:        New Options Dialog


Expected Results:  
One should get only the word "Dialog".

Comment 1

6 years ago
With Mozilla/5.0 (X11; Linux x86_64; rv:2.0) Gecko/20100101 Firefox/4.0, I get only “Dialog ” copied (with a space after the word “Dialog”).

Comment 2

6 years ago
Same with Mozilla/5.0 (X11; Linux x86_64; rv:2.0b13pre) Gecko/20110315 Firefox/4.0b13pre. Is that enough to consider it fixed there?

Reproduced with 3.5.17 and 3.6.14.

Probably duplicate of bug 464789 (haven't tried to reproduce), maybe even bug 461605?
Version: unspecified → 1.9.2 Branch

Comment 3

6 years ago
The space selection might be bug 452948.
(Reporter)

Comment 4

6 years ago
I forgot... since the summary appears several times: the problem occurs only with the summary over a gray background.

I cannot reproduce bug 464789, so that it is not a duplicate (perhaps it is a MS Windows only behavior, if it is bug 452948 as suggested by Comment 3). Anyway there's much more than a trailing space here.

Bug 461605 concerns Thunderbird, and I wonder what the equivalent would be for Firefox.
(Reporter)

Comment 5

4 years ago
Actually any selection can include invisible text, not just a double-click on a word. This is a similar problem, except that the one with a double-click on a word is worse, since even when one knows that text can be hidden with CSS, one doesn't expect more than a word to be selected in the case of a double-click on a word. However I think that the more general problem should be fixed too because it is too easy to be fooled, and fixing it would fix this particular bug as a consequence, IMHO.

FYI, about the more general problem:
  http://www.ush.it/team/ascii/hack-tricks_253C_CCC2008/wysinwyc/what_you_see_is_not_what_you_copy.txt
  http://thejh.net/misc/website-terminal-copy-paste
(Reporter)

Comment 6

2 years ago
This bug still occurs with Firefox 39.0 under Linux, but I just get a space as in Comment 1.
You need to log in before you can comment on or make changes to this bug.