CVE-2024-8900: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects…

CVE-2024-8900 [HIGH] CVE-2024-8900: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.

CVE-2024-8900 [HIGH] CWE-732 GHSA-97x9-7h6v-3jx9: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129.

CVE-2024-8900 [HIGH] firefox: Clipboard write permission bypass firefox: Clipboard write permission bypass An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 10) - Not affected Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: firefox (Red Hat Enterprise Linux 9) - Affected Package: firefox-flatpak-container (Red H

CVE-2024-8900 [HIGH] CVE-2024-8900: firefox - An attacker could write data to the user's clipboard, bypassing the user prompt,... An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. Scope: local sid: resolved (fixed in 129.0-1)

CVE-2024-8900 [HIGH] Mozilla Foundation Security Advisory 2024-47: CVE-2024-8900 Mozilla Foundation Security Advisory 2024-47 CVE: CVE-2024-8900 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 128.3

CVE-2024-8900 [HIGH] Mozilla Foundation Security Advisory 2024-49: CVE-2024-8900 Mozilla Foundation Security Advisory 2024-49 CVE: CVE-2024-8900 Product: Thunderbird Impact: high Fixed in: Thunderbird 128.3

CVE-2024-8900 [HIGH] Mozilla Foundation Security Advisory 2024-33: CVE-2024-8900 Mozilla Foundation Security Advisory 2024-33 CVE: CVE-2024-8900 Product: Firefox Impact: low Fixed in: Firefox 129

Can write to clipboard from beforeunload event handler if navigation is user-triggered Can write to clipboard from beforeunload event handler if navigation is user-triggered Created attachment 9370857 firefox_bypass_copy_to_clipboard.mp4 User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Steps to reproduce: I found a "copy to clipboard" protection error in the clipboard access permission prompt when there was a page that asked to automatically paste text to the user's clipboard. Normally: when a page asks to automatically enter text into the user's clipboard a permission prompt will appear. Bug: Unfortunately, the bug that I found can bypass it even though the prompt status is blocked, where the reload function in the browser makes it possible to bypass the copy to clipboard permission automatical