Bug 454068 - Unsigned Applet intercepts bypassing clipboard data
Summary: Unsigned Applet intercepts bypassing clipboard data
Keywords:
Status: CLOSED DUPLICATE of bug 575756
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Rodney Russ
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-04 10:01 UTC by Marc Schoenefeld
Modified: 2019-09-29 12:25 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-06-15 07:12:52 UTC


Attachments (Terms of Use)

Description Marc Schoenefeld 2008-07-04 10:01:03 UTC
It was discovered that the JRE provides unsigned applets with more meta data
than necessary when forwarding native mouse dragging events to the JRE objects
that visualize and manage applets. So even when the mouse moves over the canvas
of an applet, the embedded clipboard can be accessed. This means that it is not
necessary to drop, moving over the applet if sufficient to spy the data. Even by
unsigned applets.  
As a proof of concept we developed a demo applet that intercepts some graphics
format (JPG, PNG) and also Openoffice (we access the RTF representation and
embedded png files for demo purposes, but the entire ZIP container is accessible). 
Due to it's platform-independency this technique works on all Java-enabled
architectures, the embedded parser just needs to recognize the MIME-types that
are passed to it.

Comment 4 Tomas Hoger 2011-06-15 07:12:52 UTC

*** This bug has been marked as a duplicate of bug 575756 ***


Note You need to log in before you can comment on or make changes to this bug.