List: oss-security
Subject: Re: [oss-security] with firefox on X11, any page can pastejack you anytime
From: Turistu <turistu () gmail ! com>
Date: 2023-10-26 20:11:32
Message-ID: 841313aeae2c595e9ed3cf2f7197a7c3.939be4cb () humanizers ! horsehide
On Tue, Oct 17, 2023 at 03:17:36AM +0300, turistu wrote:
> ### Firefox Patch
> ```
> diff -r 9b362770f30b layout/generic/nsFrameSelection.cpp
> --- a/layout/generic/nsFrameSelection.cpp Fri Oct 06 12:03:17 2023 +0000
> +++ b/layout/generic/nsFrameSelection.cpp Sun Oct 08 11:04:41 2023 +0300
> @@ -3345,6 +3345,10 @@
> return; // Don't care if we are still dragging.
> }
>
> + if (aReason & nsISelectionListener::JS_REASON) {
> + return;
> + }
> +
> if (!aDocument || aSelection.IsCollapsed()) {
> #ifdef DEBUG_CLIPBOARD
> fprintf(stderr, "CLIPBOARD: no selection/collapsed selection\n");
> ```
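Review bot: the added `if (aReason & nsISelectionListener::JS_REASON)` early return, placed between the dragging check and the `IsCollapsed()` check, has neither a comment nor a `DEBUG_CLIPBOARD` trace, unlike the early returns on either side of it. Add a one-line comment saying that selection changes made by script must not update the primary selection, and a matching debug `fprintf` so a skipped update is visible when tracing. The check keys only on the reason bit, so it covers only changes that arrive with `JS_REASON` set; the text below the patch describes a mid-drag case where they do not, and the comment should record that limit.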
>
> The idea of this patch was to *always* prevent javascript from indirectly
> messing with the primary selection via the Selection API. However, it turned
> out that the `JS_REASON` flag was not reliable; if javascript calls some
> function like `addRange()` or `selectAllChildren()` while the user has started
> dragging but hasn't released the mouse button yet, that code will be called
> *without* that flag but with the text set by javascript, not the text
> selected by the user. However, I think that this patch is still enough
They have recently added a (functionally identical) patch to mozilla-central:
https://hg.mozilla.org/mozilla-central/rev/88e0043c5aa4234dada941ac2fd0ded875210508
So the most egregious issue should be fixed in their "nightly" pre-release
version of firefox soon.
I have updated my write-up with that and more info at:
https://github.com/turistu/odds-n-ends/blob/main/firefox/pastejack.md