Full Disclosure mailing list archives

Re: mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability

From: nicolas vigier <boklm () mars-attacks org>
Date: Wed, 28 Apr 2004 20:06:29 +0200

On Wed, 28 Apr 2004, Michael Williamson wrote:

This isn't as much a typical vulnerability as it is poorly-designed
behavior. I've noticed when cutting/pasting data (unix style, w/middle
mouse button) into a Web form, any attempt to paste into an area without
first clicking on the input will result in firefox doing a google search
on the contents of the paste.  If I happen to be cutting/pasting
confidential data, this is bad.


Yes. It's not a bug, it's a feature :)
When you paste an url on a webpage, the url is loaded. If it's not an
url then it is searched on google (or the search engine you selected).
It's possible to disable this behavior if you don't like it, add this
line in your user.js file :
user_pref("middlemouse.contentLoadURL", false); 

more infos on this page :
http://www.mozilla.org/unix/customizing.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability Michael Williamson (Apr 28)
- Re: mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability nicolas vigier (Apr 28)
- Re: mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability Henrik Persson (Apr 28)
  - Re: mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability Michael Williamson (Apr 28)