Bug 1216490

Summary: Prevent pastejacking on firefox on X11
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: GeneralAssignee: Mozilla Bugs <mozilla-bugs>
Status: RESOLVED UPSTREAM QA Contact: Security Team bot <security-team>
Severity: Enhancement    
Priority: P5 - None CC: jsegitz, martin.sirringhaus
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
See Also: https://bugzilla.mozilla.org/show_bug.cgi?id=1855345
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Johannes Segitz 2023-10-23 10:58:37 UTC 
The full details are in
https://seclists.org/oss-sec/2023/q4/132
but the gist is that Firefox allows arbitrary pages to change to content of your primary selection buffer. 

Patch to prevent this would be:
diff -r 9b362770f30b layout/generic/nsFrameSelection.cpp
--- a/layout/generic/nsFrameSelection.cpp       Fri Oct 06 12:03:17 2023 +0000
+++ b/layout/generic/nsFrameSelection.cpp       Sun Oct 08 11:04:41 2023 +0300
@@ -3345,6 +3345,10 @@
     return;  // Don't care if we are still dragging.
   }

+  if (aReason & nsISelectionListener::JS_REASON) {
+    return;
+  }
+
   if (!aDocument || aSelection.IsCollapsed()) {
 #ifdef DEBUG_CLIPBOARD
     fprintf(stderr, "CLIPBOARD: no selection/collapsed selection\n");

There's a lengthy discussion on the mailing list. In my opinion that's very undesirable behavior and we should carry the patch if upstream doesn't want to change
Comment 2 Johannes Segitz 2023-11-10 09:54:44 UTC 
no we can just wait for the next regular release. Thank you :)