[tbb-bugs] #17558 [Tor Browser]: Copying from clipboard is dangerous
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Nov 8 19:33:55 UTC 2015
#17558: Copying from clipboard is dangerous
-----------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Major | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+----------------------
Let's consider a simple scenario
1 user copies a text from a website
2 user pastes it into a msword document
3.1 the text has a transparent img in it, when the user pastes it into
msword, msword loads the img from network, deanonimizing the user.
or
3.2 the text has a transparent swf in it, when the user copies it, the
clipboard logger application understands it is a html tryes to render, in
order to do it it loads MSIE engine which loads flash plugin which
executes swf which collects and sends sensitive data.
TorBrowser must sanitize the info transferred to/from clipboard removing
all the content available from the network and all the active content
(scripts, swfs, applets, etc).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17558>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list