17220 – Swfdec does not support Clipboard Hijack Attacks

Bug 17220 - Swfdec does not support Clipboard Hijack Attacks

Summary: Swfdec does not support Clipboard Hijack Attacks

Status:	RESOLVED INVALID

Alias:	None

Product:	swfdec
Classification:	Unclassified
Component:	plugin (show other bugs)
Version:	0.7.x
Hardware:	x86 (IA32) Linux (All)

Importance:	lowest enhancement
Assignee:	swfdec ml
QA Contact:	swfdec ml

URL:	http://it.slashdot.org/it/08/08/20/00...
Whiteboard:
Keywords:

Depends on:	10840
Blocks:
	Show dependency tree / graph

Reported:	2008-08-20 02:40 UTC by Öyvind Saether
Modified:	2018-04-28 15:20 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Öyvind Saether 2008-08-20 02:40:38 UTC

The Adove Flash URL clipboard-hijacking insertion of hostile URLs "feature" (demo at http://raffon.net/research/flash/cb/test.html) does not work with swfdec-mozilla.

Comment 1 Pekka Lampila 2008-08-20 12:42:10 UTC

We don't currently support AVM2 (aka. AS3, ABC) that is required to make this attack work, adding depends

Might be possible to write AS2 version of this attack, and that wouldn't work in Swfdec either since we lack support for System.setClipboard function

Comment 2 Benjamin Otte 2008-08-27 01:49:56 UTC

System.setClipboard functionality should work like popups: Only allow them when handling key presses or mouse clicks. That way buttons like "copy" and ctrl-c work fine, but you don't get random crap put in your clipboard.

Comment 3 Öyvind Saether 2018-04-28 15:20:51 UTC

this bug should be closed on the grounds that nobody cares about flash anymore

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.