You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0) > MFSA 2005-08

Mozilla Foundation Security Advisory 2005-08

Title: Synthetic middle-click event can steal clipboard contents
Severity: Moderate
Reporter: Jesse Ruderman
Products: Firefox, Mozilla Suite

Fixed in: Firefox 1.0
  Mozilla Suite 1.7.5

Description

Script-generated middle-click events can steal clipboard contents on systems where that action is a paste. Middle-click paste is the default behavior on Unix systems, and a hidden option elsewhere.

Workaround

Disable javascript or upgrade to fixed version.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=265728