1216490 – Prevent pastejacking on firefox on X11

Bug 1216490 - Prevent pastejacking on firefox on X11

Summary: Prevent pastejacking on firefox on X11

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	General (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Enhancement
Target Milestone:	---
Assignee:	Mozilla Bugs
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-10-23 10:58 UTC by Johannes Segitz
Modified:	2023-11-10 09:54 UTC (History)
CC List:	2 users (show)

See Also:	https://bugzilla.mozilla.org/show_bug.cgi?id=1855345
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2023-10-23 10:58:37 UTC

The full details are in
https://seclists.org/oss-sec/2023/q4/132
but the gist is that Firefox allows arbitrary pages to change to content of your primary selection buffer. 

Patch to prevent this would be:
diff -r 9b362770f30b layout/generic/nsFrameSelection.cpp
--- a/layout/generic/nsFrameSelection.cpp       Fri Oct 06 12:03:17 2023 +0000
+++ b/layout/generic/nsFrameSelection.cpp       Sun Oct 08 11:04:41 2023 +0300
@@ -3345,6 +3345,10 @@
     return;  // Don't care if we are still dragging.
   }

+  if (aReason & nsISelectionListener::JS_REASON) {
+    return;
+  }
+
   if (!aDocument || aSelection.IsCollapsed()) {
 #ifdef DEBUG_CLIPBOARD
     fprintf(stderr, "CLIPBOARD: no selection/collapsed selection\n");

There's a lengthy discussion on the mailing list. In my opinion that's very undesirable behavior and we should carry the patch if upstream doesn't want to change

Comment 2 Johannes Segitz 2023-11-10 09:54:44 UTC

no we can just wait for the next regular release. Thank you :)