Bug 17220

Summary: Swfdec does not support Clipboard Hijack Attacks
Product: swfdec
Reporter: Öyvind Saether <oyvinds>
Component: plugin
Assignee: swfdec ml <swfdec>
Status: RESOLVED INVALID
QA Contact: swfdec ml <swfdec>
Severity: enhancement    
Priority: lowest    
Version: 0.7.x   
Hardware: x86 (IA32)   
OS: Linux (All)   
URL: http://it.slashdot.org/it/08/08/20/0029220.shtml
Bug Depends on: 10840    
Bug Blocks:    

Description Öyvind Saether 2008-08-20 02:40:38 UTC
The Adobe Flash URL clipboard-hijacking insertion of hostile URLs "feature" (demo at http://raffon.net/research/flash/cb/test.html) does not work with swfdec-mozilla.
Comment 1 Pekka Lampila 2008-08-20 12:42:10 UTC
We don't currently support AVM2 (aka AS3, ABC), which is required to make this attack work; adding depends.

It might be possible to write an AS2 version of this attack, and that wouldn't work in Swfdec either since we lack support for the System.setClipboard function.
Comment 2 Benjamin Otte 2008-08-27 01:49:56 UTC
System.setClipboard functionality should work like popups: Only allow them when handling key presses or mouse clicks. That way buttons like "copy" and ctrl-c work fine, but you don't get random crap put in your clipboard.
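
The gating proposed in comment 2, as an added C sketch that is not swfdec code and not part of the original thread: clipboard writes succeed only while a mouse-click or key-press handler is running. `Player`, `player_dispatch`, `player_set_clipboard` and the sample handlers are hypothetical names made up for this illustration.

```c
/* Added sketch; Player, player_dispatch, player_set_clipboard are
 * hypothetical names, not swfdec APIs. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { EV_TIMER, EV_ENTER_FRAME, EV_MOUSE_CLICK, EV_KEY_PRESS } EventType;

typedef struct {
    int      gesture_depth;   /* > 0 only while a click or key-press handler runs */
    char     clipboard[256];  /* stand-in for the system clipboard */
    unsigned denied;          /* blocked writes, worth surfacing in a log */
} Player;

typedef void (*ScriptHandler)(Player *p);

/* Host side of the script-visible setClipboard call. */
bool player_set_clipboard(Player *p, const char *text) {
    if (p->gesture_depth == 0 || text == NULL ||
        strlen(text) >= sizeof p->clipboard) {
        p->denied++;
        return false;
    }
    strcpy(p->clipboard, text);
    return true;
}

/* Run a script handler; the permission exists only for the handler's duration. */
void player_dispatch(Player *p, EventType t, ScriptHandler h) {
    bool gesture = (t == EV_MOUSE_CLICK || t == EV_KEY_PRESS);
    if (gesture) p->gesture_depth++;
    h(p);
    if (gesture) p->gesture_depth--;
}

/* Constructed script handlers standing in for movie code. */
static void on_copy_button(Player *p) { player_set_clipboard(p, "text the user chose to copy"); }
static void on_timer(Player *p)       { player_set_clipboard(p, "http://unwanted.example/"); }

int main(void) {
    Player p = {0};
    player_dispatch(&p, EV_TIMER, on_timer);             /* denied: no gesture */
    player_dispatch(&p, EV_MOUSE_CLICK, on_copy_button); /* allowed */
    player_dispatch(&p, EV_ENTER_FRAME, on_timer);       /* denied: click is over */
    printf("clipboard=\"%s\" denied=%u\n", p.clipboard, p.denied);
    return 0;
}
```

Because the permission is a depth counter held only for the duration of the handler, a timer or frame script that fires after the click has returned is refused again.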
Comment 3 Öyvind Saether 2018-04-28 15:20:51 UTC
This bug should be closed on the grounds that nobody cares about Flash anymore.
