Mozilla Foundation Security Advisory 2013-112

Linux clipboard information disclosure though selection paste

Announced

December 10, 2013

Reporter

Vincent Lefevre

Impact

Low

Products

Firefox, SeaMonkey

Fixed in

Firefox 26
SeaMonkey 2.23

Description

Mozilla community member Vincent Lefevre reported that on Linux systems, web content can access data saved to the clipboard when a user attempts to paste a selection with a middle-click instead of pasting the selection content. This allows for possibly private data in the clipboard to be inadvertently disclosed to web content. Windows and OS X systems are not affected by this issue.

In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts.

References

Under Linux, a script can read clipboard data when PRIMARY selection paste (with middle-click) is used (CVE-2013-6672)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2013-112

Linux clipboard information disclosure though selection paste

Description

References