[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability

To: Michael Williamson <mwilliamson@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability
From: nicolas vigier <boklm@xxxxxxxxxxxxxxxx>
Date: Wed, 28 Apr 2004 20:06:29 +0200

On Wed, 28 Apr 2004, Michael Williamson wrote:

> This isn't as much a typical vulnerability as it is poorly-designed
> behavior. I've noticed when cutting/pasting data (unix style, w/middle
> mouse button) into a Web form, any attempt to paste into an area without
> first clicking on the input will result in firefox doing a google search
> on the contents of the paste.  If I happen to be cutting/pasting
> confidential data, this is bad.

Yes. It's not a bug, it's a feature :)
When you paste an url on a webpage, the url is loaded. If it's not an
url then it is searched on google (or the search engine you selected).
It's possible to disable this behavior if you don't like it, add this
line in your user.js file :
user_pref("middlemouse.contentLoadURL", false); 

more infos on this page :
http://www.mozilla.org/unix/customizing.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability
  - From: Michael Williamson

Prev by Date: RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners
Next by Date: RE: [Full-Disclosure] no more public exploits and general PoC gui de lines
Previous by thread: Re: [Full-Disclosure] mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability
Next by thread: RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners
Index(es):
- Date
- Thread