Package: nspluginwrapper Version: 0.9.91.4-3 Severity: normal I have iceape with nspluginwrapper and Adobe 32-bit flash plugin installed on my debian-amd64/unstable system. I've just noticed that even when a flash application is running inside iceape browser that is NOT currently active window, it is still receiving all the keystokes and responding to them. I believe this is a security hole as this opens a possibilty to a flash application to spy on you (e.g., when you are typing a password for some other application). Also, as I am unable to reproduce this bug with debian-i386/unstable and Adobe flash plugin, I believe this bug is somehow related to nspluginwrapper used on debian-amd64. If it is not related to nspluginwrapper, please forward this bugreport accordingly.
To reproduce this bug: 1) Run iceape and load this page: http://www.addictinggames.com/bloxors.html 2) You will see a (nice) flash game. Start a new game there and proceed to Stage 1. Note that the game is controlled by the arrows keys on the keyboard. 3) Now, switch to other application (e.g., run a text editor) and try to press arrow keys there. You will see that the flash game is still responding to these keys, meaning that it gets the keystrokes that are supposed to have an effect in this other application only. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'sarge-unsupported'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.22.1 (SMP w/2 CPU cores) Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Shell: /bin/sh linked to /bin/bash Versions of packages nspluginwrapper depends on: ii fake-ia32-libs [ia32-libs] 1.0 Fake ia32-libs ii ia32-libs 2.1 ia32 shared libraries for use on a ii ia32-libs-gtk 2.0 gtk+ ia32 shared libraries ii lib32gcc1 1:4.2.1-1 GCC support library (32 bit Versio ii libc6 2.6-5 GNU C Library: Shared libraries ii libc6-i386 2.6-5 GNU C Library: 32bit shared librar ii libglib2.0-0 2.12.13-1 The GLib library of C routines ii libx11-6 2:1.0.3-7 X11 client-side library ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library ii linux32 1-3 Wrapper to set the execution domai nspluginwrapper recommends no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
