[tbb-bugs] #17558 [Applications/Tor Browser]: Copying to clipboard is dangerous

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 4 04:15:28 UTC 2017


#17558: Copying to clipboard is dangerous
--------------------------------------+--------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 This is a known issue. The same can occur on Linux and UNIX systems, where
 copying and pasting a single line of text into a terminal compromises you
 when the paste contains a hidden newline, followed by a malicious line of
 code, and another newline. Or if you paste text into an IRC client, where
 it may contain a newline, followed by an `/exec` statement with a
 malicious command, and a newline.

 Any time a paste contains newlines or control codes, there is an implicit
 risk, and you may not know if the clipboard buffer contains one, because
 the text you see may not be all the text that is present.

 See https://thejh.net/misc/website-terminal-copy-paste for example.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17558#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list