Linux clipboard information disclosure though selection paste
- December 10, 2013
- Vincent Lefevre
- Firefox, SeaMonkey
- Fixed in
- Firefox 26
- SeaMonkey 2.23
Mozilla community member Vincent Lefevre reported that on Linux systems, web content can access data saved to the clipboard when a user attempts to paste a selection with a middle-click instead of pasting the selection content. This allows for possibly private data in the clipboard to be inadvertently disclosed to web content. Windows and OS X systems are not affected by this issue.
In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts.