Scary:
Pushing poisoned style sheets into documents to XSS into GMail via copy and paste.
“Affected” office software
- Office 2013, LibreOffice and similar tools, PDF Reader, FoxIT Reader
- They can be used to poison the clipboard with malicious markup
Affected browsers
- Just MSIE, Chrome, Opera, Safari, Firefox, anything WebKit or Blink.
- Strangely, Blink on Windows behaves differently from Blink on *nix
Flash can be used to attach as well.
Details: https://insomnihackdotme.files.wordpress.com/2015/03/copypest.pdf
Thanks Kristian for posting.
–jeroen
via: