You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-112

Mozilla Foundation Security Advisory 2013-112

Title: Linux clipboard information disclosure though selection paste
Impact: Low
Announced: December 10, 2013
Reporter: Vincent Lefevre
Products: Firefox, Seamonkey

Fixed in: Firefox 26
  Seamonkey 2.23

Description

Mozilla community member Vincent Lefevre reported that on Linux systems, web content can access data saved to the clipboard when a user attempts to paste a selection with a middle-click instead of pasting the selection content. This allows for possibly private data in the clipboard to be inadvertently disclosed to web content. Windows and OS X systems are not affected by this issue.

In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts.

References