It was discovered that the JRE provides unsigned applets with more meta data
than necessary when forwarding native mouse dragging events to the JRE objects
that visualize and manage applets. So even when the mouse moves over the canvas
of an applet, the embedded clipboard can be accessed. This means that it is not
necessary to drop, moving over the applet if sufficient to spy the data. Even by
As a proof of concept we developed a demo applet that intercepts some graphics
format (JPG, PNG) and also Openoffice (we access the RTF representation and
embedded png files for demo purposes, but the entire ZIP container is accessible).
Due to it's platform-independency this technique works on all Java-enabled
architectures, the embedded parser just needs to recognize the MIME-types that
are passed to it.
*** This bug has been marked as a duplicate of bug 575756 ***