Control: severity -1 wishlist Control: tag -1 - security Control: tag -1 wontfix
Closing as wontfix, feature requests belong upstream rather than in the BTS. Cheers, Julien On Tue, May 24, 2016 at 03:57:28PM +0200, Christoph Anton Mitterer wrote: > Source: firefox > Severity: important > Tags: security > > > Hi. > > There is no reason why a browser should access the clipboard > of the client. > It opens all kinds of attack vetors and likely privacy leaks. > > See e.g. recent exploits[0]. > > I wouldn't be all to surprised if Mozilla would also allow > to read out the current clip board contents, which wold be a > really grave issue, as it could contain passwords, keys, etc. > > There has been some recent media coverage[1] (this one in > German) about [0]. > > Cheers, > Chris. > > [0] https://github.com/dxa4481/Pastejacking > [1] > http://www.golem.de/news/pastejacking-im-browser-codeausfuehrung-per-copy-and-paste-1605-121062.html
