Another nail in the 'Apple and Firefox are more secure' coffin

Back on the 9th of August, I wrote about malvertizements that were using a computer's clipboard to distribute fraudware URLs via copy/paste.

Today I found a discussion at Apple Discussions where a Mac user, who is using Firefox as his web browser, was fighting that exact problem:

"This has happened to me twice now, on two separate computers at work. My clipboard has been hijacked with this:

<<url removed>>

And once it's in the clipboard, I can't copy anything else over it until I've restarted the machine.

I'm only going to websites that are directly linked off the main page of digg.com, so they're not obscure, and I'm surfing in firefox, though the system wide clipboard is getting taken over, so I can't even copy something over that from a program like TextEdit.

I'm wondering if this has been happening to anyone else and if you've found a way to take back the clipboard without rebooting."

It is worrying that I see a commentator claim that he was hit while using Facebook, with another mentioning Digg, and yet another mentioning lime.com.

Comments

# re: Another nail in the 'Apple and Firefox are more secure' coffin

Friday, August 15, 2008 4:00 AM by Conrad Longmore

In general the "security through obscurity" approach only gets you so far, and certainly OS X (and Linux) is in principle no more secure than Windows, they just don't get targeted as much.

On the other hand, Firefox is fundamentally more secure than IE because it doesn't [currently] support the concept of different security zones and does not support ActiveX at all. And then you have Firefox add-ons like NoScript and FlashBlock which can help secure the machine still further... but the problem is that these are not really tools for novices.

I've said for a long time that "there's no such thing as a safe site". Perhaps it is also true to say that "there's no such thing as a safe platform"?

# re: Another nail in the 'Apple and Firefox are more secure' coffin

Friday, August 15, 2008 6:54 AM by Calvin

IE would tell someone about it, it doesn't like clipboard hijacks.

# re: Another nail in the 'Apple and Firefox are more secure' coffin

Friday, August 15, 2008 1:48 PM by Hawkman

It's not exactly a nail in anything's coffin, surely? Just legitimate functionality being abused, which is quite sad. The commenters on that thread say it goes away when the affected page is closed, as expected.

# re: Another nail in the 'Apple and Firefox are more secure' coffin

Friday, August 15, 2008 2:09 PM by Indy

One of the reasons that the first thing I do after installing FF3 is to download/install some key plugins - Adblock, Flashblock and scriptblocker.

Then you have to activate scripts on a website before they run, and even then, I only temporarily activate scripts.