Bug 454068 - Unsigned Applet intercepts bypassing clipboard data
Status: CLOSED DUPLICATE of bug 575756
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
low Severity low
Assigned To: Rodney Russ
source=redhat,reported=20080703,impac...
: Security
Reported: 2008-07-04 06:01 EDT by Marc Schoenefeld
Modified: 2011-06-15 03:19 EDT
Doc Type: Bug Fix
Last Closed: 2011-06-15 03:12:52 EDT
Description Marc Schoenefeld 2008-07-04 06:01:03 EDT
It was discovered that the JRE provides unsigned applets with more metadata
than necessary when forwarding native mouse dragging events to the JRE objects
that visualize and manage applets. So even when the mouse moves over the canvas
of an applet, the embedded clipboard can be accessed. This means that it is not
necessary to drop; moving over the applet is sufficient to spy on the data, even
by unsigned applets.
As a proof of concept we developed a demo applet that intercepts some graphics
formats (JPG, PNG) and also OpenOffice (we access the RTF representation and
embedded PNG files for demo purposes, but the entire ZIP container is accessible).
Due to its platform independence this technique works on all Java-enabled
architectures; the embedded parser just needs to recognize the MIME types that
are passed to it.
Comment 4 Tomas Hoger 2011-06-15 03:12:52 EDT

*** This bug has been marked as a duplicate of bug 575756 ***
