Closed Bug 859140 Opened 12 years ago Closed 12 years ago

Copying text can copy malicious code

Categories

(Firefox :: Untriaged, defect, P1)

Product:
Firefox
Component:
Untriaged
Version:
20 Branch
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 859127

People

(Reporter: thangalin, Unassigned)

References

(
URL
)

Details

(Keywords: reporter-external)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 Build ID: 20130329030832 Steps to reproduce: 1. Browse to http://thejh.net/misc/website-terminal-copy-paste 2. Copy the "git clone" line 3. Paste it into a terminal Actual results: The following text was pasted: git clone /dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e '!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust! Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd git clone git://git.kernel.org/pub/scm/utils/kup/kup.git Expected results: The following text should have been pasted: git clone git://git.kernel.org/pub/scm/utils/kup/kup.git I didn't copy anything else. A website should be allowed to arbitraily change the clipboard contents.
A website should *NOT* be allowed to arbitraily change the clipboard contents. ;-)
URL: http://thejh.net/misc/website-termina...
Severity: normal → critical
Priority: -- → P1
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.