Bug 17220 - Swfdec does not support Clipboard Hijack Attacks
Summary: Swfdec does not support Clipboard Hijack Attacks
Status: RESOLVED INVALID
Alias: None
Product: swfdec
Classification: Unclassified
Component: plugin (show other bugs)
Version: 0.7.x
Hardware: x86 (IA32) Linux (All)
: lowest enhancement
Assignee: swfdec ml
QA Contact: swfdec ml
URL: http://it.slashdot.org/it/08/08/20/00...
Whiteboard:
Keywords:
Depends on: 10840
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-20 02:40 UTC by Öyvind Saether
Modified: 2018-04-28 15:20 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Öyvind Saether 2008-08-20 02:40:38 UTC
The Adove Flash URL clipboard-hijacking insertion of hostile URLs "feature" (demo at http://raffon.net/research/flash/cb/test.html) does not work with swfdec-mozilla.
Comment 1 Pekka Lampila 2008-08-20 12:42:10 UTC
We don't currently support AVM2 (aka. AS3, ABC) that is required to make this attack work, adding depends

Might be possible to write AS2 version of this attack, and that wouldn't work in Swfdec either since we lack support for System.setClipboard function
Comment 2 Benjamin Otte 2008-08-27 01:49:56 UTC
System.setClipboard functionality should work like popups: Only allow them when handling key presses or mouse clicks. That way buttons like "copy" and ctrl-c work fine, but you don't get random crap put in your clipboard.
Comment 3 Öyvind Saether 2018-04-28 15:20:51 UTC
this bug should be closed on the grounds that nobody cares about flash anymore


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.