[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10593 [Firefox Patch Issues]: Clipboard data might be leaking

Subject: Re: [tor-bugs] #10593 [Firefox Patch Issues]: Clipboard data might be leaking
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 14 Jan 2014 10:24:19 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 14 Jan 2014 05:24:17 -0500
In-reply-to: <042.3eef21861ab0e1d42f3301fa7f544516@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.3eef21861ab0e1d42f3301fa7f544516@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10593: Clipboard data might be leaking
-------------------------------------+-------------------------------------
     Reporter:  gk                   |      Owner:  mikeperry
         Type:  defect               |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  tbb-linkability,
   Resolution:                       |  tbb-3.0
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------

Comment (by gk):

 Replying to [comment:2 mikeperry]:
 > What is the scope of this? In #10285, you said cross-origin. Does that
 just mean 3rd parties on the current tab? Or all tabs?
 >
 > In either case, this seems like something Mozilla should be aware of. If
 I am writing some kind of webapp that sources third party content in
 iframes (like ads), it seems bad to have those third party frames
 observing *any* events outside their origin. In fact, that is usually
 forbidden.

 Okay, I was a bit brief regarding "cross-origin content". It just meant
 that wherever I copied/cut the content from (could be from the same origin
 or from a different origin (being loaded e.g. in a different tab) or even
 chrome (like the URL bar)) the first party I am pasting the content into
 might get that data. At first glance this seems like no big deal as users
 actually want that the data they paste into, say, a form should be
 available to the site hosting it (Do they? Maybe they made a mistake and
 are (or better: were) glad that they can delete the wrong pasting before
 pressing the "Send" button). But that changes as soon as one realizes that
 third party scripts included into the website have the same power as they
 are treated as first party.

 Regarding your iframe example: That should be no problem as iframes are
 not allowed to attach those listeners to the parent document.

 > What about pasting things into the url bar or other chrome areas? Is
 that still visible to content?

 No.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10593#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #10593 [Firefox Patch Issues]: Clipboard data might be leaking
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #10626 [Tor bundles/installation]: onion won't peel
Next by Author: Re: [tor-bugs] #8851 [Ooni]: ooniprobe asks ubuntu for client IP when configured with "includeip: false"
Previous by thread: Re: [tor-bugs] #10593 [Firefox Patch Issues]: Clipboard data might be leaking
Next by thread: Re: [tor-bugs] #10593 [Firefox Patch Issues]: Clipboard data might be leaking
Index(es):
- Author
- Thread