Re: with firefox on X11, any page can pastejack you anytime

[Turistu <turistu () gmail com>]

On Tue, Oct 17, 2023 at 03:17:36AM +0300, turistu wrote:
> In firefox running on X11, any script from any page can freely write to the
> primary selection, and that can be easily exploited to run arbitrary code
> on the user's machine.

OK this was probably too technical and terse for people not familiar
with X11 programming and terminology, so thing goes like this:

1. If you're a user who has first learned to use a GUI on e.g. Windows,
and who is used to copy & paste with Ctrl-C Ctrl-V (or with left-click,
choose Copy from the menu, and then again left-click, choose Paste),
then congratulations! this DOES NOT AFFECT YOU.

(Unless you're using some clipboard tools which merges the primary and
clipboard selection, but I guess you don't ;-))

2. But if you're a *native* X11 user who is used to just select the text and
then paste it with a middle-click or shift-Insert, then this means you're
pretty much done, and you should immediately either stop using firefox or
try the workaround and patch described in my report. This also includes
Wayland users.

I have no idea (nor do I really care) how many of us are in 2. According
to their telemetry, probably none at all. According to their prejudices,
probably just a couple of insignificant trolls.