Re: with firefox on X11, any page can pastejack you anytime

[Jeffrey Walton <noloader () gmail com>]

On Thu, Oct 19, 2023 at 6:22 PM niekt0 <niekt0 () kyberia cz> wrote:
> the problem with modification of "clipboard" is unfortunately much broader, than just command execution in the shell. 
> Imagine situation like pasting a bank account number for money transfer into internetbankig web page, and some 
> browser tab in background silently replaces the number. Or replaces the bitcoin address, to make situation more 
> dramatic. The direct command execution is probably the most straight-forward approach, but with bit of a creativity 
> you can come with many various attack scenarios.
>
> While I agree that application isolation in X11 is a security problem, this bug/feature is bit of a new pokemon, it 
> also breaks tab isolation within a browser itself, when used under X11.

I think it's worse than described now. We've got those apps that
monitor the clipboard and ship the data back to a server. That
includes sensitive information like bank accounts and passwords.
Confer, <https://www.reddit.com/r/iphone/comments/hlfmba/apps_caught_snooping_clipboard_contents_even/>.

And I believe Reddit does it for targeted advertising.

Jeff