Plug-in content may monitor keystrokes on unrelated pages

Type opera
Reporter Opera
Modified 2012-08-01T00:00:00


Plug-ins may use operating system features to detect key presses when the plug-in is focused. If the plug-in does not detect its own focused state correctly, it can detect key presses when other pages are focused, allowing the plug-in content to detect key presses intended for pages from other sites, or other parts of the browser, such as the address field. At least one major plug-in has been demonstrated to have this weakness.